Trust Assessment
meshtastic received a trust score of 10/100, placing it in the Untrusted category. The skill has significant security findings that need to be fixed before it is used in production. Because this is an AI skill, the "user input" that reaches its scripts may be generated by the model from untrusted context, so an attacker does not need local access to trigger the issues below.
SkillShield's automated analysis identified 17 findings: 9 critical, 6 high, 1 medium, and 1 low severity. The headline findings are arbitrary command execution (shell command strings built from user input), unsafe deserialization / dynamic eval, and a missing Node lockfile.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest, at 0/100.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (17)

Recommendations that several findings share are given once here and referenced by key in the table:

- R1 (shell execution): Review every shell execution call. Keep commands static (never assembled from user input), invoke binaries by absolute path, and remove calls that are not strictly necessary. Prefer a library API over shelling out.
- R2 (obfuscated execution): Remove obfuscated code-execution patterns. Legitimate code does not need base64-encoded payloads passed to eval, encrypted-then-executed blobs, or dynamic attribute resolution to reach system functions.
- R3 (command injection): Do not interpolate user-controlled input into a command string for `child_process.execSync`, which runs the string through a shell. Use `child_process.spawn` (or `spawnSync` / `execFileSync`) with the executable and an argument array, e.g. `spawn('meshtastic', ['--port', this.port, ...argsArray])`; each array element reaches the program as one argument and no shell is involved as long as `shell: true` is not set. If a shell string is unavoidable, quote every user-provided argument for the target shell with a library such as `shell-quote` or `shell-escape`. Escaping only quotes and backslashes, as `test-persistent.js` does for message content, does not stop `&`, `|`, `;`, `$(...)` or backtick substitution.

| Severity | Finding | Detail | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python dynamic code execution (exec/eval/compile) | The rule is a Python pattern but matched a JavaScript file; confirm the hit manually. R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-direct.js:23 |
| CRITICAL | Arbitrary command execution: Python dynamic code execution (exec/eval/compile) | The rule is a Python pattern but matched a JavaScript file; confirm the hit manually. R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-persistent.js:142 |
| CRITICAL | Arbitrary command execution: Node.js child_process require | R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-direct.js:7 |
| CRITICAL | Arbitrary command execution: Node.js child_process require | R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-persistent.js:16 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution | R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-direct.js:27 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution | R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-persistent.js:55 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution | R1. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-persistent.js:170 |
| CRITICAL | Command injection via execSync with unsanitized user input | `meshtastic-direct.js` passes parsed user input straight into a `child_process.execSync` command string, so shell metacharacters in that input run as commands on the host (remote code execution). R3. | LLM | scripts/meshtastic-direct.js:15 |
| CRITICAL | Command injection via execSync with unsanitized user input (persistent connection) | `_executeCommand` in `meshtastic-persistent.js` builds a shell string from its `args` parameter, which can originate from user input; same impact as the finding above. R3. | LLM | scripts/meshtastic-persistent.js:139 |
| HIGH | Unsafe deserialization / dynamic eval: decryption followed by code execution | R2. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-direct.js:35 |
| HIGH | Unsafe deserialization / dynamic eval: decryption followed by code execution | R2. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-direct.js:40 |
| HIGH | Unsafe deserialization / dynamic eval: decryption followed by code execution | R2. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-persistent.js:252 |
| HIGH | Data exfiltration via command injection output | The command injection findings (SS-LLM-003) let an attacker run arbitrary shell commands, and `exec` returns the captured output of `execSync`, so an injected command can read sensitive files (`/etc/passwd`, configuration files, environment variables) and hand their contents back in the skill's response. Fix the underlying injection (R3) and restrict what command output is returned. | LLM | scripts/meshtastic-direct.js:17 |
| HIGH | Data exfiltration via command injection output (persistent connection) | Same as above through `_executeCommand` in `meshtastic-persistent.js`, whose captured `execSync` output is returned to the caller. Fix the underlying injection (R3) and restrict what command output is returned. | LLM | scripts/meshtastic-persistent.js:143 |
| HIGH | Excessive permissions due to arbitrary command execution | If the Node.js process running this skill has elevated privileges (root, or permissions granting access to serial devices such as `/dev/ttyUSB0`), commands injected through SS-LLM-003 inherit them, widening the impact to system-wide compromise, data modification or destruction. Fix the injection (R3) and run the skill with least privilege: grant only the resources it needs, and never run it as root. | LLM | scripts/meshtastic-direct.js:15 |
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution | R2. | Manifest | skills/snail3d/clawforgod/meshtastic-skill/scripts/meshtastic-direct.js:169 |
| LOW | Node lockfile missing | `package.json` is present but no `package-lock.json`, `pnpm-lock.yaml` or `yarn.lock` was found. Commit a lockfile (and install with `npm ci`) so dependency resolution is deterministic. | Dependencies | skills/snail3d/clawforgod/meshtastic-skill/package.json |
Full report: https://skillshield.io/report/bbe081afcd97abc4 (powered by SkillShield)