Trust Assessment
klutch received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 2 critical, 3 high, 5 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/klutch/scripts/auth.py:39 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/klutch/scripts/auth.py:47 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'get_credentials'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/klutch/scripts/auth.py:39 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'get_credentials'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/klutch/scripts/auth.py:47 |
| HIGH | Argument Injection via Environment Variable in Subprocess Call. The 'scripts/auth.py' file uses 'subprocess.run' to execute the 'op' (1Password CLI) command. The 'item_name' variable, which is sourced from the 'KLUTCH_1PASSWORD_ITEM' environment variable, is directly interpolated into the argument string passed to 'op' (e.g., f"op://Clawd/{item_name}/api key"). While 'subprocess.run' with a list of arguments prevents classic shell injection, it does not prevent argument injection. If an attacker can control the 'KLUTCH_1PASSWORD_ITEM' environment variable, they could craft 'item_name' to include additional arguments for the 'op' command (e.g., '--output-file /tmp/exfil.txt') or manipulate the path in a way that could lead to unintended actions, data exfiltration, or credential compromise by the 'op' command itself. Sanitize or validate the 'item_name' environment variable before interpolating it into the 'op' command argument. If possible, use a method that passes the item name as a distinct, quoted argument to 'op' if the CLI supports it, or ensure 'op' itself has robust parsing for such paths. Consider using a dedicated 1Password SDK if available, which might offer safer ways to retrieve secrets programmatically without direct shell command execution. | LLM | scripts/auth.py:49 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/klutch/scripts/auth.py:9 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/klutch/scripts/klutch.py:16 |
| MEDIUM | Unpinned Python dependency version. Requirement 'requests' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/kesslerio/klutch/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version. Requirement 'click' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/kesslerio/klutch/requirements.txt:2 |
| MEDIUM | Unpinned Dependencies in requirements.txt. The 'requirements.txt' file specifies 'requests' and 'click' without version pinning. This can lead to non-deterministic builds, unexpected behavior, or introduce vulnerabilities if new versions of these packages contain breaking changes or security flaws. It makes the supply chain less secure and harder to audit. Pin all dependencies to specific versions (e.g., 'requests==2.28.1', 'click==8.1.3') to ensure consistent and secure builds. Use a lock file mechanism if available for the ecosystem. | LLM | requirements.txt:1 |