Trust Assessment
internet-failure-analysis-expert received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Server-Side Request Forgery (SSRF) via user-controlled URL", and "Server-Side Request Forgery (SSRF) via NVD reference URLs".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Server-Side Request Forgery (SSRF) via user-controlled URL. The `extract_webpage.py` script directly fetches content from a URL provided as a command-line argument (`sys.argv[1]`). An attacker can supply a malicious URL (e.g., `http://localhost:8080/admin`, `http://169.254.169.254/latest/meta-data/`) to perform internal network reconnaissance, access sensitive internal services, or exfiltrate cloud metadata. The fetched content is then returned, making it a direct data exfiltration vector. Implement strict URL validation to whitelist allowed domains/protocols and block private IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1/8, 169.254.169.254/32). Consider using a dedicated proxy for external requests if internal network access is not required. | LLM | scripts/extract_webpage.py:40 |
| HIGH | Server-Side Request Forgery (SSRF) via NVD reference URLs. The `fetch_cve_data.py` script fetches CVE details from NVD, which include a list of reference URLs. It then calls an internal `extract_text_from_url` function to crawl these reference URLs to obtain official announcement content. While NVD is a trusted source, a compromised vendor website or a cleverly crafted reference URL within NVD data could lead to an SSRF attack. This allows an attacker to potentially access internal network resources or cloud metadata from the agent's environment, leading to data exfiltration or internal network reconnaissance. Implement strict URL validation for all URLs fetched, especially those sourced from external data. This includes whitelisting allowed domains/protocols and blocking private IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.1/8, 169.254.169.254/32). Consider using a dedicated proxy for external requests if internal network access is not required. | LLM | scripts/fetch_cve_data.py:230 |
| MEDIUM | Suspicious import: requests. Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/quasarryan/internet-failure-analysis-expert/scripts/extract_webpage.py:10 |
| MEDIUM | Suspicious import: requests. Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/quasarryan/internet-failure-analysis-expert/scripts/fetch_cve_data.py:11 |