Trust Assessment
mcp-duckgo received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include unsanitized user input in shell command execution, unpinned `npx` dependencies that allow execution of arbitrary code, and arbitrary shell command execution via `npx`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized user input in shell command execution.** The skill executes shell commands using `npx` and directly interpolates user-provided `keyword` and `url` values into the command string without apparent sanitization. An attacker can inject arbitrary shell commands by crafting malicious input for `query` or `url`, leading to arbitrary code execution on the host system. Implement robust input sanitization and validation for `keyword` and `url` before they are used in shell commands. Ideally, use a library or framework that safely handles command arguments, preventing direct string interpolation. Consider using a dedicated API for search/fetch instead of shelling out. | LLM | SKILL.md:7 |
| CRITICAL | **Unpinned `npx` dependencies allow execution of arbitrary code.** The skill uses `npx` to execute `mcporter` and `uvx duckduckgo-mcp-server` without specifying version numbers. This means `npx` will always fetch and execute the latest available version of these packages from the npm registry. A malicious actor could publish a compromised version of `mcporter` or `duckduckgo-mcp-server`, leading to arbitrary code execution on the agent's host system. Pin `mcporter` and `uvx duckduckgo-mcp-server` to specific, trusted versions (e.g., `npx mcporter@1.2.3` or `uvx@4.5.6`). Regularly review and update these pinned versions after security vetting. Consider vendoring critical dependencies or using a private registry. | LLM | SKILL.md:7 |
| HIGH | **Skill allows arbitrary shell command execution via `npx`.** The skill's core functionality relies on executing `npx` commands, which can download and run arbitrary Node.js packages from the npm registry. Combined with the command injection vulnerability (SS-LLM-003), this grants the skill excessive permissions, allowing it to execute any command on the host system that the agent has access to. Re-evaluate the necessity of direct shell execution for web search and content fetching. Prefer using dedicated, sandboxed APIs or libraries within the agent's runtime environment. If shell execution is unavoidable, strictly whitelist commands and arguments, and run them in a highly restricted environment (e.g., containerized with minimal privileges). | LLM | SKILL.md:7 |