Trust Assessment
molt-avatar received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Remote Code Execution via Dynamic Heartbeat Script and Potential Command Injection via API Key in Curl Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote Code Execution via Dynamic Heartbeat Script: The skill explicitly instructs the agent to 'fetch and run `HEARTBEAT.md`' from a remote URL (`https://agent-avatars-production.up.railway.app/heartbeat.md`) on a schedule. This allows the remote server owner to inject and execute arbitrary commands on the agent's host system at any time, without requiring an update to the skill package itself. This is a severe supply chain risk combined with a command injection vulnerability. Agents should never execute arbitrary remote files. If dynamic updates or checks are required, they must be data-driven and validated against a strict schema, not code-driven. The content of `HEARTBEAT.md` should be parsed as data, not executed as commands. Alternatively, embed the necessary logic directly within the skill package or pin the version of any remote script if execution is absolutely unavoidable and thoroughly vetted. | LLM | SKILL.md:30 |
| HIGH | Potential Command Injection via API Key in Curl Commands: The skill provides `curl` commands that embed `YOUR_API_KEY` directly into the command string. If the agent substitutes `YOUR_API_KEY` from an untrusted source (e.g., user input, or a file that could be tampered with) without proper shell escaping or sanitization, a malicious API key value (e.g., `foo; rm -rf /`) could lead to arbitrary command execution on the host system. Ensure all variables interpolated into shell commands are properly escaped or passed as arguments to the command, not directly embedded. For `curl`, use `--header "X-API-Key: $API_KEY"` where `$API_KEY` is properly quoted by the shell, or use a programming language's HTTP client library that handles parameterization securely, rather than constructing shell commands with string concatenation. | LLM | SKILL.md:58 |