Trust Assessment
moltext received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Unsanitized Arguments, Supply Chain Risk: Unpinned Dependency, Excessive Permissions Required for Skill Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Unsanitized Arguments.** The skill instructs the agent to execute shell commands (`moltext <url> --raw --output <filename.md>`) where `<url>` and `<filename.md>` are placeholders for user-provided input. If the agent does not properly sanitize these inputs before passing them to the shell, a malicious user could inject arbitrary shell commands, leading to remote code execution or other system compromises. Instruct the agent to sanitize all user-provided inputs (e.g., `<url>`, `<filename.md>`) before passing them to shell commands. This can involve escaping shell metacharacters or using a dedicated library for safe command execution that avoids direct shell interpretation. | LLM | SKILL.md:29 |
| HIGH | **Supply Chain Risk: Unpinned Dependency.** The skill instructs the agent to install the `moltext` package globally using `npm install -g moltext`. This command does not specify a version, meaning it will always fetch the latest version from the npm registry. This introduces a significant supply chain risk where a malicious or compromised update to the `moltext` package could be automatically installed and executed by the agent, leading to system compromise. Pin the dependency to a specific, known-good version (e.g., `npm install -g moltext@1.2.3`) to prevent automatic installation of potentially malicious future updates. Regularly review and update the pinned version after verifying its integrity. | LLM | SKILL.md:20 |
| MEDIUM | **Excessive Permissions Required for Skill Execution.** The skill requires the `node` and `npm` binaries and instructs the agent to install a global package (`moltext`) and execute it with arbitrary URLs and file paths. This grants the skill broad permissions, including network access (fetching content from arbitrary URLs) and filesystem write/read access. While necessary for the skill's intended function, these broad capabilities represent a significant attack surface if the `moltext` tool itself is compromised or if the agent is tricked into processing malicious inputs or URLs. Advise users of the skill about the broad permissions required and the potential risks. If possible, explore sandboxing mechanisms or least-privilege execution environments for the `moltext` tool to limit its potential impact in case of compromise. Ensure the `moltext` tool itself follows secure coding practices and input validation. | LLM | SKILL.md:20 |