Trust Assessment
mactop received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via Shell Execution: The skill's usage examples demonstrate direct execution of shell commands (`mactop`, `grep`, `awk`). If the LLM implements this skill by constructing these commands with untrusted user input (e.g., for arguments like `--count`, `--interval`, or patterns for `grep`/`awk`) without robust sanitization, it could lead to arbitrary command execution on the host system. This is a high-risk vector for system compromise, as `grep` and `awk` patterns can be manipulated to execute arbitrary commands. Implement strict input validation and sanitization for all user-provided inputs used in constructing shell commands. Avoid direct interpolation of user input into shell commands. Consider using a safer method for executing external processes, such as a dedicated library that handles argument escaping, or hardcode all sensitive parts of the commands. For `grep` and `awk` patterns, ensure they are either hardcoded or rigorously validated against a strict allowlist to prevent injection. | LLM | SKILL.md:25 |