Trust Assessment
lobster-jobs received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Lobster Workflow 'command' field processing, Arbitrary File Write via '--output-dir' in 'convert' command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via Lobster Workflow 'command' field processing The `SKILL.md` describes a 'Workflow File Format' where `steps` contain a `command` field intended for shell execution (e.g., `command: some-cli fetch --json`). The `lobster-jobs` skill is designed to `validate` these workflow files and `convert` existing cron jobs into this format. If the `lobster-jobs` skill, during its `validate` or `convert` operations, processes or evaluates the content of the `command` field (e.g., to check command existence, syntax, or simulate execution) without proper sanitization or sandboxing, it could lead to command injection. A malicious user could craft a workflow file with arbitrary shell commands (e.g., `command: rm -rf /`) and provide it to `lobster-jobs validate`, or if `convert` processes untrusted input containing malicious commands, these could be executed by the skill itself. Implement strict sanitization, allowlisting, or sandboxing for commands processed by `lobster-jobs`. Ensure that any evaluation or execution of `command` fields during validation or conversion is done in a secure, isolated environment, or that only schema validation is performed without execution. | LLM | SKILL.md:145 | |
| HIGH | Arbitrary File Write via '--output-dir' in 'convert' command The `lobster-jobs convert` command allows specifying an output directory using `--output-dir` or `-o`. If this argument is not properly sanitized or restricted, a malicious user could specify an arbitrary path (e.g., `/etc/`, `/root/`) to write the generated workflow file, potentially overwriting critical system files or placing malicious files in sensitive locations. While the default is `~/.lobster/workflows/`, the `--output-dir` option allows bypassing this default. Restrict the `--output-dir` argument to a predefined set of safe directories or enforce that it must be a subdirectory of a user's home directory or a designated workspace. Implement robust path sanitization to prevent path traversal attacks. | LLM | SKILL.md:79 |
Scan History
Embed Code
[](https://skillshield.io/report/4ad203a3aed194f9)
Powered by SkillShield