Trust Assessment
lan-scanner received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Command Injection in `nmap` target", and "Instruction to use `sudo` for `nmap` OS detection".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection in `nmap` target: The skill instructs the use of `nmap` commands with placeholders like `{subnet}` and `{target}`. If an AI agent directly interpolates untrusted user input into these commands without robust sanitization, it could lead to command injection, allowing an attacker to execute arbitrary shell commands. Although the skill provides a 'Validate target' step with critical warnings, this is a textual instruction, not an enforced programmatic safeguard within the skill's definition. Recommendation: implement strict input validation and sanitization for all user-provided network targets (`{subnet}`, `{target}`). Ensure that only valid IP addresses or CIDR ranges are accepted and that no shell metacharacters can be injected. The validation logic described in 'Validate target' (Step 2) must be programmatically enforced by the agent before command execution. | LLM | SKILL.md:30 |
| HIGH | Instruction to use `sudo` for `nmap` OS detection: The skill explicitly instructs the use of `sudo nmap -O {target}` for OS detection. Executing commands with `sudo` grants elevated privileges, which is a significant security risk if the `{target}` input is not thoroughly sanitized or if the agent's execution environment is not properly sandboxed. While `nmap` might require `sudo` for certain features, the skill documentation itself does not provide programmatic safeguards to ensure safe execution with elevated privileges. Recommendation: re-evaluate the necessity of `sudo` for this skill. If `sudo` is absolutely required, the agent implementing this skill must ensure that (1) the `nmap` command and its arguments are strictly validated and sanitized to prevent command injection, (2) the execution environment is sandboxed with minimal necessary privileges, and (3) the user is explicitly prompted and confirms the elevated privilege execution for each instance. Consider whether alternative, less privileged methods can achieve similar results, or whether OS detection can be omitted. | LLM | SKILL.md:35 |
| MEDIUM | Missing required field: name: The 'name' field is required for claude_code skills but is missing from the frontmatter. Recommendation: add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/lan-scanner/SKILL.md:1 |