Trust Assessment
mlscp received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include: "Potential Shell Command Injection via mlscp.sh script arguments" (critical), "MLSCP 'F?' operation allows arbitrary file reads" (high), and "Potential typo in GitHub repository URL" (info).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Shell Command Injection via mlscp.sh script arguments.** The skill demonstrates executing `./scripts/mlscp.sh` with arguments derived from untrusted input, such as `$INCOMING_COMMAND` or 'Your natural language instruction'. If the `mlscp.sh` script does not properly sanitize or quote these arguments before passing them to internal commands (e.g., `eval`, `bash -c`, or other subprocess calls), an attacker could inject arbitrary shell commands, leading to remote code execution. Ensure that all arguments passed to `mlscp.sh` from untrusted sources are rigorously sanitized and properly quoted (e.g., using `shlex.quote` in Python or similar mechanisms in shell scripts) to prevent shell metacharacters from being interpreted as commands. Ideally, avoid direct shell execution of untrusted input by using a robust, dedicated parser. | LLM | SKILL.md:69 |
| HIGH | **MLSCP 'F?' operation allows arbitrary file reads.** The MLSCP protocol defines an `F?` (File query/read) operation. If an attacker can control the target path argument for this operation (e.g., `F? /etc/passwd > ln1-100`), and the underlying `mlscp.sh` script or Python API executes this command without proper path validation or sandboxing, it could lead to the reading and exfiltration of arbitrary files from the system. This represents an excessive permission granted to the protocol's file access capabilities. Implement strict path validation and sandboxing for all file operations, especially `F?`. Ensure that file paths are restricted to an allowed directory (e.g., the project root) and that directory traversal (`../`) is prevented. The agent executing the MLSCP command should operate under the principle of least privilege and only access files within its designated scope. | LLM | SKILL.md:39 |
| INFO | **Potential typo in GitHub repository URL.** The GitHub URL provided in the resources section is `https://github.com/sirkrouph-dev/mlcp`, which uses `mlcp` instead of `mlscp` (Micro LLM Swarm Communication Protocol), the name of the skill. This could be a typo, leading users to the wrong repository, or it might indicate a discrepancy in naming conventions, which could cause confusion or lead to installing the wrong package. Verify and correct the GitHub repository URL to match the skill's name (`mlscp`) if it is indeed a typo, or clarify the relationship between `mlcp` and `mlscp` if they are distinct but related projects. | LLM | SKILL.md:93 |
Full report: https://skillshield.io/report/4d8e799c3697fe88