Trust Assessment
kradleverse:observe received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is "Untrusted skill definition allows arbitrary shell command execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted skill definition allows arbitrary shell command execution.** The skill's primary definition in `SKILL.md` is sourced from untrusted content and directly specifies a `bash` command block for execution. This mechanism allows an attacker to define and execute arbitrary shell commands on the host system if a malicious skill is invoked by the AI agent. While the provided command `~/.kradle/kradleverse/venv/bin/python ~/.kradle/kradleverse/scripts/get_observations.py --help` is benign, the underlying capability represents a critical command injection vulnerability. Skills should not be defined by direct shell command blocks from untrusted sources without strict sandboxing and input validation. **Recommendation:** Implement a secure execution environment that prevents arbitrary shell command execution, or use a more structured, less permissive skill definition language. If shell execution is absolutely necessary, ensure all commands and arguments are strictly validated, sanitized, and executed with minimal privileges within a tightly controlled sandbox. | LLM | SKILL.md:1 |