Trust Assessment
lobsterhood received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned npm dependency version, Potential Command Injection via 'bankr' skill arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via 'bankr' skill arguments The 'scripts/lobsterhood.sh' script constructs arguments for the 'bankr' skill by directly interpolating user-controlled or API-controlled variables (e.g., '$chain', '$wallet', '$amount', '$winner') into a single string argument. If the 'bankr' skill interprets this string as a shell command or allows for command substitution, an attacker could inject arbitrary shell commands by crafting malicious input for these variables. For example, if '$chain' contains shell metacharacters, it could lead to arbitrary code execution when 'bankr' is invoked. 1. **Preferred:** Modify the 'bankr' skill to accept structured, separate arguments (e.g., `--action balance --chain <chain>`) instead of a natural language string, and ensure it properly sanitizes or escapes all input. 2. **Alternative (if 'bankr' cannot be changed):** Implement robust input sanitization within 'lobsterhood.sh' for all variables ('$chain', '$wallet', '$amount', '$winner') before they are passed to 'bankr'. This would involve escaping any characters that could be interpreted as shell metacharacters or command separators. However, this is complex and error-prone for natural language parsing. | LLM | scripts/lobsterhood.sh:30 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dub88/lobsterhood/scripts/lobsterhood.sh:126 | |
| MEDIUM | Unpinned npm dependency version Dependency '@vercel/analytics' is not pinned to an exact version ('^1.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/dub88/lobsterhood/package.json | |
| LOW | Dependencies use caret ranges, allowing minor/patch updates The 'package.json' file specifies several dependencies using caret ('^') version ranges (e.g., '^1.6.1', '^11.0.0', '^18'). While this is common practice, it allows for automatic updates to minor or patch versions. In security-sensitive contexts, exact version pinning is preferred to ensure reproducibility and prevent unexpected introduction of vulnerabilities or breaking changes from upstream packages. Replace caret ('^') ranges with exact version pins (e.g., "@vercel/analytics": "1.6.1") to ensure deterministic builds and prevent unintended dependency updates. Regularly audit and manually update dependencies to incorporate security fixes. | LLM | package.json:9 |
Scan History
Embed Code
[](https://skillshield.io/report/ff3b3ff2a31f84d1)
Powered by SkillShield