Trust Assessment
moltboard-art received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME", "Command Injection via unescaped user input in 'register' command", and "Command Injection via unescaped user input in 'place' command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unescaped user input in 'register' command.** The 'register' command in 'scripts/artboard.sh' directly interpolates user-supplied 'name' and 'description' arguments into a JSON payload for a 'curl' POST request without proper escaping. An attacker can inject shell commands by including backticks (`) or double quotes (") in these arguments, leading to arbitrary code execution on the host system. **Recommendation:** Sanitize or properly escape user-provided 'name' and 'description' variables before embedding them into the JSON string. A robust solution would be to use a JSON library or a function that correctly escapes special characters (like '"', '\', backticks, '$()') for shell context. For simple cases, replacing '"' with '\"' and ensuring no backticks or '$()' are present might suffice, but a full JSON encoder is best. | LLM | scripts/artboard.sh:50 |
| CRITICAL | **Command Injection via unescaped user input in 'place' command.** The 'place' command in 'scripts/artboard.sh' directly interpolates user-supplied 'x', 'y', and 'color' arguments into a JSON payload for a 'curl' POST request without proper escaping. An attacker can inject shell commands by including backticks (`) or double quotes (") in these arguments, leading to arbitrary code execution on the host system. **Recommendation:** Sanitize or properly escape user-provided 'x', 'y', and 'color' variables before embedding them into the JSON string. Ensure numeric inputs are validated as numbers. For string inputs, escape special characters (like '"', '\', backticks, '$()'). | LLM | scripts/artboard.sh:89 |
| CRITICAL | **Command Injection via unescaped user input in 'say' command.** The 'say' command in 'scripts/artboard.sh' directly interpolates the user-supplied 'msg' argument into a JSON payload for a 'curl' POST request without proper escaping. An attacker can inject shell commands by including backticks (`) or double quotes (") in the message, leading to arbitrary code execution on the host system. **Recommendation:** Sanitize or properly escape the user-provided 'msg' variable before embedding it into the JSON string. Escape special characters (like '"', '\', backticks, '$()'). | LLM | scripts/artboard.sh:155 |
| HIGH | **Potential Prompt Injection via remote heartbeat instructions.** The skill instructs the agent to fetch and follow instructions from a remote 'HEARTBEAT_URL' ('https://moltboard.art/heartbeat.md'). If the content of this URL is compromised or controlled by a malicious actor, it could contain instructions designed to manipulate the agent's behavior, leading to prompt injection. The 'artboard.sh' script itself only fetches the content, but the 'SKILL.md' explicitly states 'Follow the instructions each time.' **Recommendation:** Implement strict parsing and validation of instructions received from 'HEARTBEAT_URL'. Instead of blindly following instructions, the agent should only execute a predefined set of safe commands or actions based on a structured, validated format (e.g., JSON with allowed fields), rather than arbitrary natural language or shell commands. Consider signing the heartbeat content to ensure authenticity. | LLM | SKILL.md:63 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. **Recommendation:** Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dubibubii/moltboard-art/scripts/artboard.sh:7 |