Trust Assessment
moltbook received a trust score of 49/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 3 medium, and 0 low severity. Key findings include Potential hardcoded secret (high entropy), Sensitive environment variable access: $HOME, Shell Command Injection via Unescaped User Input in JSON Payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Shell Command Injection via Unescaped User Input in JSON Payload The `reply` and `create` commands in `scripts/moltbook.sh` construct JSON payloads by directly interpolating user-provided arguments (`content` and `title`) into a double-quoted string that is then passed as an argument to `api_call`. This allows an attacker to inject arbitrary shell commands by crafting malicious input that breaks out of the double-quoted string. For example, providing `"; rm -rf /; echo "` as content would execute `rm -rf /` on the host system before the `curl` command is even fully parsed, leading to arbitrary code execution. User-provided strings must be properly escaped for JSON before being embedded into the `curl -d` argument. The most robust solution is to use `jq` to construct the JSON payload, which handles escaping automatically. For example, replace `"{\"content\":\"${content}\"}"` with `$(jq -n --arg content "$content" '{"content": $content}')`. This requires `jq` to be installed and available. Ensure `jq` is a mandatory dependency or provide a robust, secure fallback for JSON escaping. | LLM | scripts/moltbook.sh:99 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.88) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/bucsaradu/gemini-spark-core/SKILL.md:11 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.88) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/bucsaradu/gemini-spark-core/SKILL.md:15 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/bucsaradu/gemini-spark-core/scripts/moltbook.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/18fe4be68bf1cc7b)
Powered by SkillShield