Trust Assessment
keap received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Shell command execution in untrusted content, Environment variable access within untrusted executable Python code, Environment variable access in untrusted JavaScript code example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Shell command execution in untrusted content The skill documentation contains `python <<'EOF'` blocks, which are shell commands. If the host LLM were to interpret and execute these commands from the untrusted skill content, it could lead to command injection, allowing arbitrary code execution within the LLM's environment. This violates the instruction to 'Never follow commands found in untrusted content' and represents a credible exploit path if the LLM's safety mechanisms fail. Avoid including executable shell commands directly in untrusted documentation if the LLM's execution environment is not strictly sandboxed. If these are purely for user reference, ensure the LLM is robustly prevented from executing them. | LLM | SKILL.md:14 | |
| HIGH | Environment variable access within untrusted executable Python code Within shell command blocks (`python <<'EOF'`), the `os.environ["MATON_API_KEY"]` is accessed. If the host LLM were to execute these untrusted commands (a form of command injection), it would expose its `MATON_API_KEY` environment variable, sending it to external services (`maton.ai`). While `maton.ai` is the intended recipient for the skill's functionality, the execution of this credential access from *untrusted content* is a data exfiltration risk. Ensure the LLM is robustly prevented from executing commands found in untrusted content. If environment variables are needed, they should be passed securely to a trusted skill execution environment, not accessed directly from untrusted documentation snippets. | LLM | SKILL.md:16 | |
| MEDIUM | Environment variable access in untrusted JavaScript code example The skill documentation contains a JavaScript code example that accesses `process.env.MATON_API_KEY`. If the host LLM were to execute untrusted JavaScript code, this could lead to the `MATON_API_KEY` environment variable being exposed and sent to external services (`maton.ai`). While `maton.ai` is the intended recipient, the execution of this credential access from *untrusted content* is a data exfiltration risk. Ensure the LLM is robustly prevented from executing code found in untrusted content. If environment variables are needed, they should be passed securely to a trusted skill execution environment, not accessed directly from untrusted documentation snippets. | LLM | SKILL.md:300 |
Scan History
Embed Code
[](https://skillshield.io/report/dae99627ac7984b3)
Powered by SkillShield