Trust Assessment
meegle-mcp received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 17 findings: 7 critical, 1 high, 8 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: Shell RC file modification, Sensitive environment variable access: $USER.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (17)
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/pkycy/meegle-mcp-skill/SKILL.md:34 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:64 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:66 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:67 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:69 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:119 | |
| CRITICAL | Command Injection via unescaped user input in setup script The `setup.sh` script reads `MEEGLE_USER_KEY` and `MEEGLE_MCP_KEY` from user input and directly embeds them into `export` commands written to the user's shell configuration file (`.bashrc`, `.zshrc`, etc.). If a malicious user provides input containing shell metacharacters (e.g., `"; $(malicious_command); echo "`), these commands will be executed when the shell configuration file is sourced. This allows for arbitrary command execution on the user's system. Sanitize or escape user input (`USER_KEY`, `MCP_KEY`) before writing to the shell configuration file. A safer approach is to use `printf %q` for shell escaping or to write the content to a temporary file and then append it, ensuring proper quoting. For example, `printf 'export MEEGLE_USER_KEY=%q\n' "$USER_KEY" >> "$SHELL_CONFIG"`. | LLM | scripts/setup.sh:68 | |
| HIGH | Sensitive credentials exposed in URL query parameters The `mcp-proxy.js` script constructs the `mcpEndpoint` by embedding `MEEGLE_USER_KEY` and `MEEGLE_MCP_KEY` directly into the URL as query parameters. Sending sensitive credentials in URL query parameters is less secure than using HTTP headers or the request body, as URLs can be logged by proxies, web servers, and appear in browser history or referrer headers. Furthermore, the `MEEGLE_MCP_URL` can be overridden via an environment variable or OpenClaw configuration, allowing an attacker who can control these settings to redirect credentials to a malicious server. Modify the MCP protocol or the proxy implementation to send `MEEGLE_USER_KEY` and `MEEGLE_MCP_KEY` in HTTP headers (e.g., `Authorization` header) or within the JSON request body, rather than in the URL query string. If the protocol mandates query parameters, implement strong warnings about the risks of configuring `MEEGLE_MCP_URL` to untrusted endpoints and consider whitelisting known MCP server URLs. | LLM | scripts/mcp-proxy.js:26 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/pkycy/meegle-mcp-skill/SKILL.md:34 | |
| MEDIUM | Sensitive environment variable access: $USER Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:41 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:64 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:64 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:66 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:67 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:69 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/pkycy/meegle-mcp-skill/scripts/setup.sh:119 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/pkycy/meegle-mcp-skill/package.json | |