Trust Assessment
moltbook received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 5 critical, 0 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $USER, Shell Command Injection via Unescaped User Input in JSON Payload, Shell Command Injection via Unescaped User Input in URL Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Shell Command Injection via Unescaped User Input in JSON Payload The `SUBMOLT` variable, which is user-controlled, is directly interpolated into a JSON string within a `curl -d` argument without proper shell escaping. An attacker can inject arbitrary shell commands by providing a `SUBMOLT` value containing a double quote, which terminates the JSON string and allows subsequent shell commands to be executed. Ensure all user-controlled variables interpolated into shell commands or JSON payloads are properly escaped. For JSON, use a robust JSON escaping utility or construct the JSON using a tool like `jq` to prevent injection. For shell arguments, use `printf %q` or ensure variables are properly quoted and sanitized. | LLM | scripts/post.sh:20 | |
| CRITICAL | Shell Command Injection via Unescaped User Input in URL Path The `USERNAME` variable, which is user-controlled, is directly interpolated into the URL path of a `curl` command without proper shell or URL escaping. An attacker can inject arbitrary shell commands by providing a `USERNAME` value containing a double quote, which terminates the URL string and allows subsequent shell commands to be executed. Ensure all user-controlled variables interpolated into shell commands or URLs are properly escaped. For URL paths, use a URL encoding function. For shell arguments, use `printf %q` or ensure variables are properly quoted and sanitized. | LLM | scripts/profile.sh:14 | |
| CRITICAL | Shell Command Injection via Unescaped User Input in URL Path The `POST_ID` variable, which is user-controlled, is directly interpolated into the URL path of a `curl` command without proper shell or URL escaping. An attacker can inject arbitrary shell commands by providing a `POST_ID` value containing a double quote, which terminates the URL string and allows subsequent shell commands to be executed. Ensure all user-controlled variables interpolated into shell commands or URLs are properly escaped. For URL paths, use a URL encoding function. For shell arguments, use `printf %q` or ensure variables are properly quoted and sanitized. | LLM | scripts/read.sh:8 | |
| CRITICAL | Shell Command Injection via Unescaped User Input in URL Query Parameter The `LIMIT` variable, which is user-controlled, is directly interpolated into the URL query parameter of a `curl` command without proper shell or URL escaping. An attacker can inject arbitrary shell commands by providing a `LIMIT` value containing a double quote, which terminates the URL string and allows subsequent shell commands to be executed. Ensure all user-controlled variables interpolated into shell commands or URLs are properly escaped. For URL query parameters, use a URL encoding function. For shell arguments, use `printf %q` or ensure variables are properly quoted and sanitized. | LLM | scripts/trending.sh:7 | |
| CRITICAL | Shell Command Injection via Unescaped User Input in URL Path The `POST_ID` variable, which is user-controlled, is directly interpolated into the URL path of a `curl` command without proper shell or URL escaping. An attacker can inject arbitrary shell commands by providing a `POST_ID` value containing a double quote, which terminates the URL string and allows subsequent shell commands to be executed. Ensure all user-controlled variables interpolated into shell commands or URLs are properly escaped. For URL paths, use a URL encoding function. For shell arguments, use `printf %q` or ensure variables are properly quoted and sanitized. | LLM | scripts/upvote.sh:12 | |
| MEDIUM | Sensitive environment variable access: $USER Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/swaylq/moltbook-voidborne/scripts/profile.sh:9 | |
| INFO | Implicit Dependency on Node.js without Version Pinning The `read.sh` and `trending.sh` scripts rely on Node.js for JSON parsing and formatting, but Node.js is not explicitly listed as a required binary in the manifest, nor is a specific version pinned. This introduces a supply chain risk as the skill's functionality depends on an unmanaged external runtime, which could change behavior or introduce vulnerabilities if an incompatible or malicious version is installed on the host system. Explicitly declare all external runtime dependencies (like Node.js) in the skill's manifest, ideally with version constraints. Consider using a containerized environment or a more robust JSON parsing tool that is self-contained or has fewer external dependencies if Node.js is not a core requirement for the skill's ecosystem. | LLM | scripts/read.sh:9 |
Scan History
Embed Code
[](https://skillshield.io/report/33cd87341ec9ef18)
Powered by SkillShield