Trust Assessment
jasper-recall received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Missing required field: name", "Node lockfile missing", and "Potential Command Injection in `recall` binary invocation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection in `recall` binary invocation.** The `index.ts` plugin executes an external binary (`~/.local/bin/recall`) using `execFileSync`. User-controlled input (`query` from `event.prompt` or tool parameters) is passed as an argument to this binary after being `JSON.stringify`-ed. While `JSON.stringify` helps prevent direct shell injection into `execFileSync` itself (as `execFileSync` does not invoke a shell by default), the `recall` binary itself might be vulnerable if it's a shell script or a Python script that uses `subprocess.run(shell=True)` or similar methods to process its arguments without proper sanitization. An attacker could craft a malicious `query` that, when processed by the `recall` binary, leads to arbitrary command execution on the host system. Ensure the `recall` binary, especially if it's a shell script or a Python script using `subprocess`, properly sanitizes or escapes all user-controlled input before using it in any shell-executing context. Ideally, `recall` should parse its arguments directly and avoid invoking sub-shells with unsanitized input. If `recall` is a Python script, it should use `json.loads()` to parse the query and avoid `shell=True` in `subprocess.run()` when processing user input. | LLM | index.ts:51 |
| HIGH | **Reliance on unverified external `recall` binary and Python dependencies.** The skill's core functionality relies on an external `recall` binary located at `~/.local/bin/recall` and its associated Python virtual environment (`~/.openclaw/rag-env`) with dependencies like `ChromaDB` and `sentence-transformers`. These components are installed via `npx jasper-recall setup`. The source code for the `recall` binary and its Python dependencies is not provided within the skill package context. This introduces a significant supply chain risk, as the integrity and security of the `jasper-recall` npm package and its installation script are critical. A malicious or compromised `jasper-recall` package could install backdoored binaries or libraries, leading to arbitrary code execution, data exfiltration, or other severe compromises on the host system. 1. Provide the source code for the `recall` binary and its Python dependencies within the skill package or link to a specific, immutable version (e.g., a git commit hash) of the source repository. 2. Implement robust integrity checks (e.g., cryptographic hashes) for all downloaded binaries and packages during installation. 3. Clearly document the security review process for all external dependencies. 4. Consider sandboxing the execution of the `recall` binary if it processes untrusted input. | LLM | SKILL.md:150 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/emberdesire/jasper-recall/extensions/jasper-recall/SKILL.md:1 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/emberdesire/jasper-recall/extensions/jasper-recall/package.json |