Trust Assessment
millionbit-mint received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 3 critical, 0 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Command Injection via unescaped image path in `node -e`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 8/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unescaped image path in `node -e`. `prepare_mint.sh` splices the user-supplied `IMAGE_PATH` variable directly into the program string passed to `node -e`. The shell expands the variable into the JavaScript source before Node parses it, so a path containing a quote character can terminate the string literal and append arbitrary JavaScript, which runs with the script's privileges (including `child_process`, i.e. arbitrary commands on the host). Remediation: never build program text from untrusted values. Pass the path as an argument to a separate script (`node encode.js "$IMAGE_PATH"`, read via `process.argv[2]`) or through the environment (`IMAGE_PATH="$IMAGE_PATH" node -e '... process.env.IMAGE_PATH ...'`). `printf %q` escapes for the shell, not for a JavaScript string literal, so it is not a reliable fix for this pattern. | LLM | scripts/prepare_mint.sh:50 |
| CRITICAL | Command Injection via unescaped URL argument to Node.js script. `prepare_mint.sh` passes the user-supplied `URL` variable as an argument to `encode_pixels.js`. The finding claims that a `$(command)` sequence in the value is executed by the shell before `node` runs. As stated this is incorrect: when the expansion is double-quoted (`"$URL"`) the shell passes the value verbatim and never re-parses it for command substitution, quoting or globbing; substitution happens only on the literal text of the script, or if the value is later fed to `eval`, `sh -c` or spliced into a `node -e` program string. This is therefore a likely false positive unless the quotes are actually missing at the cited line, which should be confirmed by reading the script. Independently of that, `encode_pixels.js` should validate the URL (scheme allowlist, length) before using it. Do not wrap the argument in `printf %q`: that yields a shell-escaped string that Node receives literally, corrupting the value. | LLM | scripts/prepare_mint.sh:79 |
| CRITICAL | Command Injection via unescaped file path arguments to Node.js script. `resize_image.sh` passes the user-controlled `INPUT` and `OUTPUT` paths as arguments to `resize.js`. The same caveat as the previous finding applies: a double-quoted expansion (`"$INPUT"`) is not re-parsed by the shell, so `$(command)` in the value is delivered to Node as data, not executed; the finding holds only if the expansions are unquoted or the values are later evaluated as shell or program text. The realistic hardening for paths passed as argv is in `resize.js` itself: resolve each path and reject anything outside the intended directory, and treat a leading `-` as a path (or prefix it with `./`) so it cannot be mistaken for an option. Reading the paths from stdin, as the original recommendation suggests, is also acceptable but does not remove the need for that validation. | LLM | scripts/resize_image.sh:40 |
| MEDIUM | Unpinned npm dependency version. Dependency `pako` is not pinned to an exact version (`^1.0.10`). Pin to an exact version and commit a lockfile so that installs are reproducible and a compromised or regressed upstream release cannot enter the build silently. | Dependencies | skills/millionbithomepage/millionbit-mint/package.json |
| LOW | Node lockfile missing. `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml` or `yarn.lock`). Commit a lockfile and install with `npm ci` for deterministic dependency resolution; without one, even exactly pinned direct dependencies leave transitive dependencies free to drift. | Dependencies | skills/millionbithomepage/millionbit-mint/package.json |
| LOW | Unpinned dependencies in package.json. `package.json` uses caret (`^`) ranges for `pako`, `ethers` and `sharp`, which permits any later minor or patch release within the same major version to be installed without review. For a skill that signs transactions (`ethers`) and processes untrusted images (`sharp`) this is a meaningful supply-chain exposure. Pin all dependencies to exact versions (e.g. `"pako": "1.0.10"`), commit `package-lock.json`, and install with `npm ci` so that both direct and transitive versions are fixed. | LLM | package.json:6 |
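The three CRITICAL findings describe two different shapes, and only one of them is actually exploitable by the mechanism stated. The added example below is not code from millionbit-mint or from SkillShield; it is a pure-shell demonstration in which `sh -c "$PROGRAM"` stands in for `node -e "$PROGRAM"` (both receive their program as one argument that the calling shell has already expanded), and the payload strings are constructed for the demonstration. It shows the quote breakout that makes the `node -e` interpolation at `prepare_mint.sh:50` dangerous, the argv form that fixes it, and why a double-quoted `"$URL"` or `"$INPUT"` argument is not re-parsed for `$(...)`.

```shell
#!/bin/sh
# Added example (not code from millionbit-mint or SkillShield).
# `sh -c "$PROGRAM"` stands in for `node -e "$PROGRAM"`: in both cases the
# calling shell expands variables into the program text first, and only then
# does the interpreter (sh here, node in prepare_mint.sh) parse that text.

# Vulnerable pattern (the prepare_mint.sh:50 shape): the path is spliced into
# the program text, so a quote in the value ends the literal and whatever
# follows is parsed and executed as code.
resize_unsafe() {
    image_path=$1
    sh -c "printf 'resizing %s\n' '$image_path'"
}

# Hardened pattern: the program text is a fixed single-quoted literal and the
# path is delivered as a positional argument ($1 inside the program). This is
# the same shape as `node resize.js "$INPUT"` with process.argv[2] in the script.
resize_safe() {
    image_path=$1
    sh -c 'printf "resizing %s\n" "$1"' -- "$image_path"
}

# The shape of the other two findings: a double-quoted expansion handed to a
# child process. The value arrives verbatim; the shell does not re-parse it,
# so "$(...)" inside the value is data, not a command.
pass_url() {
    url=$1
    sh -c 'printf "%s\n" "$1"' -- "$url"
}

# Constructed payloads for the demonstration.
payload_quote="'; echo INJECTED #"
payload_subst='$(echo SUBST)'

echo "--- unsafe: quote breakout runs attacker-controlled code"
resize_unsafe "$payload_quote"
echo "--- safe: same value, treated as data"
resize_safe "$payload_quote"
echo "--- double-quoted argv: substitution text is passed literally"
pass_url "$payload_subst"
```

Run with `sh example.sh`. The unsafe function prints an empty `resizing` line followed by `INJECTED`, because the payload's leading quote closed the literal and `echo INJECTED` ran as a new command; the safe function prints the whole payload as the argument text; and `pass_url` prints `$(echo SUBST)` unchanged. The `--` after the program string is what makes `$1` line up inside the child; with `node`, the equivalent is simply `node script.js "$value"` and `process.argv[2]`.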
Full report: https://skillshield.io/report/5df236f257be6a32 (powered by SkillShield)