Trust Assessment
jits-builder received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 1 medium and 1 low severity. Key findings include unsanitized user input leading to Node.js command injection (critical), a missing required `name` field in the skill frontmatter (medium), and a missing Node lockfile (low).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100; the three code-level findings in `jits.sh` listed below all come from that layer.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Detail | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Unsanitized user input leads to Node.js command injection | The `serve` command in `jits.sh` builds a Node.js script string by interpolating the user-provided `name` (via `$html_file`) and `port` variables directly into a `node -e` command. A single quote in either argument breaks out of the JavaScript string literal, so an attacker can inject arbitrary Node.js code that runs on the host with the skill's privileges. | Sanitize or escape `name` and `port` before interpolating them into the `node -e` string: ensure `name` is a valid filename with single quotes escaped, and `port` a valid integer (which by construction contains no quote). Safer still, pass both values as environment variables or command-line arguments to a separate Node.js script instead of embedding them in the script source, which is an `eval`-like context. | LLM | jits.sh:42 |
| HIGH | Unsanitized user input leads to `cloudflared` argument injection | The `tunnel` command in `jits.sh` builds a `cloudflared` command by interpolating the user-provided `port` variable directly into the `--url` argument. A double quote in `port` terminates the `--url` string, letting an attacker append arbitrary arguments to the `cloudflared` invocation. Depending on `cloudflared`'s capabilities this could lead to misconfiguration, denial of service, or arbitrary command execution. | Sanitize or escape the user-provided `port` variable before interpolating it into the `cloudflared` command string: ensure `port` is a valid integer and escape any double quotes. Prefer passing arguments to external commands as discrete argv elements rather than building a command string that is re-parsed. | LLM | jits.sh:60 |
| HIGH | Unsanitized app name allows path traversal in file operations | The `name` variable, taken from user input (`$2`), is used directly in the file paths the script creates, reads and deletes (`.pid`, `.port`, `.url`, `.html`). A `name` containing traversal sequences such as `../` lets an attacker reach files outside the intended `/data/clawd/jits-apps` directory, enabling arbitrary file creation, modification or deletion, with possible impact on system integrity or privilege escalation. | Restrict `name` to safe characters (alphanumerics, hyphens, underscores) and reject path separators and traversal sequences (`/`, `\`, `..`). A common approach is to validate against a strict regex, or to apply `basename` to the sanitized input, before using it in any file path. | LLM | jits.sh:27 |
| MEDIUM | Missing required field: name | The `name` field is required for claude_code skills but is missing from the SKILL.md frontmatter. | Add a `name` field to the SKILL.md frontmatter. | Static | skills/dannyshmueli/jits-builder/SKILL.md:1 |
| LOW | Node lockfile missing | `package.json` is present but no lockfile (package-lock.json, pnpm-lock.yaml or yarn.lock) was found. | Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/dannyshmueli/jits-builder/package.json |
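The three LLM findings share one root cause: `name` and `port` arrive on the command line and are spliced into text that is later re-parsed, as JavaScript source for `node -e`, as a shell command line for `cloudflared`, and as file paths under the apps directory. The script below is an added illustration, not the project's own code and not a copy of any line of `jits.sh`: it shows the shape of the `node -e` bug for contrast and the hardened pattern the findings recommend, validating both inputs once against an allowlist and then handing them to `node` as `process.argv` entries and to `cloudflared` as a single quoted argument. The base directory `/data/clawd/jits-apps` comes from the finding; the `JITS_APP_DIR` override, the function names and the `state_file` helper are assumptions.

```shell
#!/bin/sh
# Added example (not jits.sh). Hardened handling of the two user-controlled
# inputs behind the CRITICAL and both HIGH findings: `name` ($2 in the
# original script) and `port`. POSIX sh; no bashisms.

# Base directory named in the path-traversal finding; the env override is assumed.
APP_DIR="${JITS_APP_DIR:-/data/clawd/jits-apps}"

# Allowlist for `name`: 1-64 chars from [A-Za-z0-9_-]. This excludes '/', '\',
# '.', quotes, spaces and newlines, so "$APP_DIR/$name.html" can never leave
# APP_DIR and the value can never close a JavaScript string literal.
validate_name() {
  [ -n "$1" ] && [ "${#1}" -le 64 ] || return 1
  case $1 in
    *[!A-Za-z0-9_-]*) return 1 ;;   # any disallowed character anywhere
  esac
  return 0
}

# Allowlist for `port`: decimal digits only, 1-65535. A validated port holds
# no quote character, so nothing downstream needs escaping.
validate_port() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] || return 1
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Shape of the CRITICAL bug, kept only for contrast (reconstructed from the
# finding's description, not a copy of jits.sh:42): user input becomes JS
# *source*, so a single quote in $1 or $2 ends the literal and whatever
# follows runs as code with the skill's privileges. Never call this.
serve_unsafe() {
  node -e "require('http').createServer((q,r)=>r.end(require('fs').readFileSync('$APP_DIR/$1.html'))).listen($2)"
}

# Hardened serve: validate, then pass values as argv. With `node -e`, the
# arguments after `--` appear as process.argv[1..], so the JS source is a
# fixed string and the inputs are only ever data.
serve() {
  validate_name "$1" || { echo "serve: invalid name" >&2; return 2; }
  validate_port "$2" || { echo "serve: invalid port" >&2; return 2; }
  html_file="$APP_DIR/$1.html"
  node -e '
    const [file, port] = process.argv.slice(1);
    const http = require("http"), fs = require("fs");
    http.createServer((req, res) => res.end(fs.readFileSync(file)))
        .listen(Number(port), () => console.log("serving", file, "on", port));
  ' -- "$html_file" "$2"
}

# Hardened tunnel: the URL is one argv element handed straight to the binary,
# never a command string that gets re-parsed, so a quote in $1 cannot end
# --url and append extra flags; validate_port has also rejected non-digits.
tunnel() {
  validate_port "$1" || { echo "tunnel: invalid port" >&2; return 2; }
  cloudflared tunnel --url "http://localhost:$1"
}

# Per-app state path (.pid/.port/.url/.html). The extension ($2) is chosen by
# the script, not the user; the name is validated before it touches a path.
state_file() {
  validate_name "$1" || return 2
  printf '%s/%s.%s\n' "$APP_DIR" "$1" "$2"
}
```

The validators are the whole fix: once `name` cannot contain a quote, a slash or a dot and `port` cannot contain anything but digits, the interpolation sites lose their attack surface, and passing the values as `argv` rather than source text removes the `eval`-like context entirely. Running `validate_name "../etc"` or `validate_port "8080\" --foo"` returns non-zero and the command stops before any file or process is touched.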
Full report: https://skillshield.io/report/e3332dd49f1d1b59