Trust Assessment
mbta received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Arbitrary file read via --config argument", and "Flask dashboard binds to all network interfaces (0.0.0.0)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary file read via --config argument.** The `mbta.py` script allows users to specify a configuration file path using the `--config` argument. The `load_config` function then opens and reads this file using `yaml.safe_load`. An attacker could exploit this by providing a path to an arbitrary system file (e.g., `/etc/passwd`, `/proc/self/environ`, `~/.ssh/id_rsa`) to exfiltrate sensitive data. The content of the file would be loaded and potentially processed or displayed by the script. 1. **Restrict Path**: Validate `config_file` to ensure it's within an expected, non-sensitive directory (e.g., a `config` subdirectory within the skill's own package). 2. **Sanitize Input**: If the config file must be user-provided, ensure the path does not contain directory traversal sequences (`..`, `/`). 3. **Alternative**: If possible, embed configuration directly into the skill or use platform-provided configuration mechanisms instead of arbitrary file paths. | LLM | scripts/mbta.py:389 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/dbhurley/mbta/scripts/mbta.py:27 |
| LOW | **Flask dashboard binds to all network interfaces (0.0.0.0).** The `run_dashboard` function starts a Flask web server that binds to `0.0.0.0` by default, making it accessible from all network interfaces. While this is common for local development, in an AI agent environment, if the agent's execution environment is not sufficiently isolated or is exposed to a network, this could potentially allow unauthorized access to the dashboard or the agent's host system. The port is also user-controlled. 1. **Bind to Loopback**: Change `host='0.0.0.0'` to `host='127.0.0.1'` if the dashboard is only intended for local access within the agent's container/VM. 2. **Network Isolation**: Ensure the agent's execution environment is properly firewalled and isolated from external networks if `0.0.0.0` is necessary for internal communication. 3. **Authentication/Authorization**: If the dashboard is meant to be accessed externally, implement proper authentication and authorization mechanisms. | LLM | scripts/mbta.py:509 |