Trust Assessment
kradleverse:cleanup received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Destructive Shell Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Destructive Shell Command Execution The skill's primary function is to execute a direct `rm -rf` shell command. Executing `rm -rf` can lead to irreversible data loss if the command is executed without proper sandboxing, explicit user confirmation, or if the target path is compromised. Allowing an AI agent to execute such destructive commands poses a significant risk of unintended data deletion or system instability, even if the target directory is specific. Avoid direct execution of destructive shell commands like `rm -rf` within AI agent skills. If cleanup is necessary, implement it through a safer, sandboxed API or a dedicated tool that requires explicit user confirmation and operates with minimal privileges. Ensure the agent's execution environment is strictly sandboxed to prevent unintended system-wide impact. | LLM | SKILL.md:6 |
Scan History
Embed Code
[](https://skillshield.io/report/3bc098637b085318)
Powered by SkillShield