Trust Assessment
location-safety received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 8 critical, 1 high, 3 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, arbitrary command execution, and unsafe deserialization / dynamic eval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/sidu/location-safety-skill/scripts/server.js:114 |
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sidu/location-safety-skill/scripts/self-check.js:12 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sidu/location-safety-skill/scripts/self-check.js:35 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sidu/location-safety-skill/scripts/self-check.js:47 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sidu/location-safety-skill/scripts/self-check.js:60 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sidu/location-safety-skill/scripts/self-check.js:72 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sidu/location-safety-skill/scripts/self-check.js:128 |
| CRITICAL | Hardcoded Emergency Contact Email in Escalation Script: The `escalation-check.js` script contains a hardcoded emergency contact email (`ashuppal@gmail.com`) and name (`Ash`). This script is responsible for sending escalation emails when a user does not respond to a safety alert. The script does not load the user-configured emergency contact from `config.json` or any other dynamic source. This means that regardless of user configuration, all escalation emails will be sent to the hardcoded address, leading to unauthorized disclosure of sensitive alert information to an unintended recipient. Modify `escalation-check.js` to dynamically load the emergency contact details from `config.json` (or a similar configuration source) instead of using hardcoded values. Ensure that the `setup.js` script correctly populates `config.json` and that `escalation-check.js` reads from it. | LLM | scripts/escalation-check.js:15 |
| HIGH | Excessive Permissions and Command Execution in Self-Check Script: The `self-check.js` script uses `child_process.execSync` to run multiple system commands, including `sudo powermetrics`. The use of `sudo` grants elevated privileges to the skill, which is an excessive permission for a general AI agent skill. While the commands themselves are hardcoded and not directly user-controlled in the current version, the capability to execute arbitrary shell commands with `sudo` poses a significant security risk. If the execution environment is compromised or if future modifications introduce user-controlled input into these commands, it could lead to full system compromise. Re-evaluate the necessity of `sudo` for `powermetrics`. If elevated privileges are strictly required, ensure the skill runs in a highly isolated and sandboxed environment with minimal permissions. Consider alternative, less privileged methods for gathering system metrics. Implement strict input validation and sanitization if any part of the command string could ever be influenced by external input. | LLM | scripts/self-check.js:49 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/sidu/location-safety-skill/scripts/safety-check.js:38 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/sidu/location-safety-skill/scripts/test-scenarios.js:17 |
| MEDIUM | Secret Key Logged to Console on Server Startup: The `server.js` script logs the `SECRET_KEY` to `console.log` when the server starts. This key is used for authenticating requests to the `/location` endpoint, which handles sensitive user location data. If the environment where the skill runs captures `stdout` (e.g., container logs, systemd journals, or the LLM's internal logging), this key could be exposed to unauthorized parties, allowing them to update or retrieve user location data. Remove the `console.log` statement that outputs the `SECRET_KEY`. The key should be stored securely and accessed only by authorized components. If the key needs to be displayed for setup, it should be done through a secure, ephemeral mechanism, not persistent logging. | LLM | scripts/server.js:109 |
| INFO | Incomplete Analysis Due to Truncated File Content: The provided content for `scripts/safety-check.js` is truncated. This prevents a complete and thorough security analysis of the file, as potential vulnerabilities in the missing sections cannot be assessed. Provide the complete file content for `scripts/safety-check.js` to enable a full security analysis. | LLM | scripts/safety-check.js:166 |