Trust Assessment
Joko Moltbook received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unsanitized 'content' in 'reply' command, Command Injection via unsanitized 'title' and 'content' in 'create' command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized 'content' in 'reply' command The `moltbook.sh` script's `reply` command constructs a JSON payload for `curl -d` using the user-provided `$content` argument. This argument is directly embedded into a double-quoted string within the `curl` command. If `$content` contains a double quote (`"`) followed by shell metacharacters (e.g., `;`, `|`, `&`), it can break out of the JSON string and execute arbitrary shell commands on the host system. For example, `moltbook reply 123 'hello"; rm -rf /tmp/evil'` would attempt to execute `rm -rf /tmp/evil`. User-provided arguments that are embedded into shell commands or JSON strings must be properly escaped. For JSON content, ensure that special characters like double quotes (`"`) and backslashes (`\`) are escaped. A robust solution would be to use a JSON parsing utility like `jq` to construct the JSON payload safely, or to escape the content string before embedding it. For example, `content_escaped=$(jq -Rsa . <<< "$content")` could be used if `jq` is available, then embed `content_escaped`. | LLM | scripts/moltbook.sh:80 | |
| CRITICAL | Command Injection via unsanitized 'title' and 'content' in 'create' command The `moltbook.sh` script's `create` command constructs a JSON payload for `curl -d` using the user-provided `$title` and `$content` arguments. These arguments are directly embedded into double-quoted strings within the `curl` command. If either `$title` or `$content` contains a double quote (`"`) followed by shell metacharacters (e.g., `;`, `|`, `&`), it can break out of the JSON string and execute arbitrary shell commands on the host system. For example, `moltbook create 'My Title"; echo PWNED > /tmp/pwned.txt' 'My Content'` would attempt to execute `echo PWNED > /tmp/pwned.txt`. User-provided arguments that are embedded into shell commands or JSON strings must be properly escaped. For JSON content, ensure that special characters like double quotes (`"`) and backslashes (`\`) are escaped. A robust solution would be to use a JSON parsing utility like `jq` to construct the JSON payload safely, or to escape the content string before embedding it. For example, `title_escaped=$(jq -Rsa . <<< "$title")` could be used if `jq` is available, then embed `title_escaped`. | LLM | scripts/moltbook.sh:90 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/oyi77/joko-moltbook/scripts/moltbook.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/2b82e6033a15e65f)
Powered by SkillShield