Trust Assessment
locus received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Agent instructed to use unsanitized user input in shell command", "Agent instructed to use unsanitized user input for tool calls", and "Shell script uses unsanitized user input for API key".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Agent instructed to use unsanitized user input in shell command.** The `SKILL.md` instructs the AI agent to take a user-provided API key and directly embed it into a shell command (`mcporter config add ... --header "Authorization=Bearer <API_KEY>"`). If the user provides a malicious string containing shell metacharacters (e.g., `locus_key" && rm -rf /`), the agent, following these instructions, could execute arbitrary commands on the host system. The agent should sanitize or escape user-provided input before using it in shell commands. For API keys, consider using environment variables or a secure configuration mechanism that doesn't involve direct shell string concatenation. If direct shell execution is unavoidable, use a library that properly escapes arguments (e.g., `shlex.quote` in Python). | LLM | SKILL.md:37 |
| CRITICAL | **Agent instructed to use unsanitized user input for tool calls.** The `SKILL.md` instructs the AI agent to call `mcporter` tools using user-controlled `<tool_name>` and `param1=value1 param2=value2` arguments. If these values are derived directly from user input without sanitization, an attacker could inject arbitrary shell commands by crafting malicious tool names or parameter values. The agent should strictly validate and sanitize all user-provided inputs used in `mcporter call` commands. Tool names should be validated against a known list, and parameter values should be properly escaped or passed via a secure mechanism (e.g., JSON arguments if `mcporter` supports it, or using `shlex.quote` for individual parameters). | LLM | SKILL.md:55 |
| CRITICAL | **Shell script uses unsanitized user input for API key.** The `scripts/setup.sh` script prompts the user for an API key and then directly embeds this user-provided input (`$api_key`) into a shell command (`mcporter config add ... --header "Authorization=Bearer $api_key"`) without any sanitization. This allows command injection if a malicious user provides an API key containing shell metacharacters (e.g., `locus_key" && evil_command`). The `api_key` variable must be properly escaped before being used in the `mcporter config add` command. For bash, `printf %q "$api_key"` can be used to quote the string for safe use as a shell argument. Alternatively, `mcporter` should offer a way to pass sensitive data securely, e.g., via stdin or a dedicated flag that handles escaping internally. | LLM | scripts/setup.sh:65 |
| HIGH | **Unpinned `npm` dependency installation.** Both the `SKILL.md` instructions for the agent and the `scripts/setup.sh` script install `mcporter` using `npm i -g mcporter`. This command installs the latest available version of the `mcporter` package globally. Without pinning a specific version, there's a risk of installing a malicious update, a compromised package, or a version with breaking changes that could affect the skill's functionality or security. Pin the `mcporter` dependency to a specific, known-good version (e.g., `npm i -g mcporter@1.2.3`). Regularly review and update the pinned version after verifying its integrity and security. The same remediation applies to `scripts/setup.sh` at line 17. | LLM | SKILL.md:26 |