Trust Assessment
masonry received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Potential Command Injection via User Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/junaid1460/masonry-generate-image-and-video/SKILL.md:21 |
| CRITICAL | Remote code execution: curl/wget pipe to shell | Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/junaid1460/masonry-generate-image-and-video/SKILL.md:21 |
| CRITICAL | Recursive Skill Installation and Supply Chain Risk | The `masonry skill install` command allows the `masonry` CLI to download and install additional skills into the agent's `.claude/skills/` directory. This creates a significant supply chain risk, as the `masonry` CLI can introduce new, potentially unvetted or malicious code into the agent's execution environment. If these newly installed skills contain vulnerabilities or malicious logic, they could be executed by the agent, leading to arbitrary code execution and compromise of the agent or its host system. Remove the capability for the `masonry` CLI to install additional skills directly into the agent's skill directory. All skills should be explicitly vetted and installed through a secure, controlled process. If dynamic skill loading is required, implement strict sandboxing and code signing verification for all new skills. | LLM | SKILL.md:108 |
| HIGH | Potential Command Injection via User Input | The skill passes user-provided input (e.g., image/video prompts, job IDs) directly as arguments to `masonry` CLI commands. The declared permission `Bash(masonry:*)` allows the agent to construct and execute shell commands starting with `masonry`. If the `masonry` CLI does not properly sanitize or escape these arguments before execution, a malicious user could inject arbitrary shell commands. For example, a prompt like 'my prompt; rm -rf /' could lead to unintended command execution if not handled correctly by the underlying CLI or the skill's command construction. Ensure all user-provided input passed to shell commands is strictly validated and properly escaped or quoted to prevent shell metacharacter injection. Ideally, use a safe command execution mechanism that avoids direct shell interpretation of arguments. | LLM | SKILL.md:26 |
| HIGH | Arbitrary File Write via Output Path | The `masonry job download` command explicitly allows specifying an arbitrary output path using the `-o` flag. A malicious user could exploit this to write files to sensitive locations on the agent's filesystem (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`, or web server directories), potentially leading to privilege escalation, data exfiltration, or denial of service. The skill does not appear to restrict or validate the provided output path. Restrict the output path to a safe, sandboxed directory (e.g., a temporary directory or a user-specific download folder). Implement strict validation to prevent directory traversal attacks and writing to sensitive system locations. | LLM | SKILL.md:32 |
| MEDIUM | Untrusted Dependency Installation Method | The `masonry` CLI, a core dependency of this skill, is instructed to be installed via `curl -sSL https://media.masonry.so/cli/install.sh \| sh`. This method executes arbitrary code downloaded from an external URL without prior review or cryptographic verification. While this instruction is for the user, the skill's functionality relies entirely on this potentially untrusted binary. A compromise of the `media.masonry.so` domain or the installation script could lead to the execution of malicious code on the user's system, impacting the integrity of the skill's environment. Provide a more secure installation method for the `masonry` CLI, such as package manager installations with cryptographic verification, or direct downloads with checksum validation. Avoid `curl \| sh` for production environments. | LLM | SKILL.md:20 |