Trust Assessment
meshguard received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 2 high, 3 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME", "Command Injection via unsanitized user input in config file", and "Command Injection via unsanitized 'id' parameters in CLI commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unsanitized user input in config file.** The `meshguard-setup.sh` script reads user input for `MESHGUARD_URL`, `MESHGUARD_API_KEY`, and `MESHGUARD_ADMIN_TOKEN` and writes them directly into `~/.meshguard/config` using `export VAR="${user_input}"`. When this config file is later sourced by `meshguard-cli.sh` or `meshguard-setup.sh` itself, any shell metacharacters (e.g., `$(command)`, `;`, `&&`) present in the user-provided values will be executed, leading to arbitrary command injection. Recommendation: sanitize user input for `url`, `api_key`, and `admin_token` before writing them to the config file, escaping all shell metacharacters (e.g., using `printf %q`). Alternatively, store configuration in a non-executable format (e.g., JSON, YAML) and parse it securely at runtime, rather than sourcing it as a shell script. | LLM | scripts/meshguard-setup.sh:57 |
| HIGH | **Command Injection via unsanitized 'id' parameters in CLI commands.** Several `meshguard-cli.sh` commands (e.g., `agents get`, `agents delete`, `policies get`, `policies delete`) directly interpolate user-provided `id` values into the `endpoint` path of `curl` commands. If an attacker provides an `id` containing shell metacharacters (e.g., `123; rm -rf /`), these characters could be executed by the shell before `curl` is invoked, leading to command injection. Recommendation: ensure that all user-provided arguments used in shell commands are properly escaped. For URL paths, URL-encode the `id` parameter before interpolation; for shell arguments, use `printf %q` to escape the value. | LLM | scripts/meshguard-cli.sh:126 |
| HIGH | **Command Injection via unsanitized 'file' parameter in `policies create`.** The `cmd_policies_create` function in `meshguard-cli.sh` takes a user-provided `file` path and passes it directly to `yq` or `python3` for YAML parsing. If an attacker provides a malicious file path (e.g., `$(rm -rf /)`), this could result in command injection, executing arbitrary code on the system. Recommendation: validate and sanitize the `file` path to ensure it does not contain shell metacharacters. Consider using `readlink -f` to resolve the path and ensure it is within expected boundaries, and escape any special characters before passing it to external commands. | LLM | scripts/meshguard-cli.sh:149 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dbhurley/meshguard/scripts/meshguard-cli.sh:6 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dbhurley/meshguard/scripts/meshguard-setup.sh:5 |
| MEDIUM | **Potential Command Injection via unsanitized JSON data in `curl -d`.** The `cmd_agents_create` and `cmd_signup` functions in `meshguard-cli.sh` construct JSON payloads by directly interpolating user-provided `name`, `tier`, and `email` values. While `curl` itself might not execute shell commands from the `-d` argument, improper quoting or shell parsing of the entire `curl` command line could lead to command injection if the interpolated values contain shell metacharacters that break out of the JSON string and are then interpreted by the shell. Recommendation: ensure that all user-provided strings interpolated into JSON payloads are properly JSON-escaped (e.g., `"` becomes `\"`, `\` becomes `\\`, etc.) before being passed to `curl -d`. This prevents both JSON parsing errors and potential shell injection if the shell misinterprets the argument. | LLM | scripts/meshguard-cli.sh:133 |