Trust Assessment
moltmotion-skill received a trust score of 61/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Unsanitized user input in shell command instruction, Unsanitized script argument used in `npm` command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsanitized user input in shell command instruction. The skill instructs the agent to construct and execute a `curl` command for user registration. This command includes placeholders (`<AGENT_NAME>`, `<OPTIONAL_DISPLAY_NAME>`) that are intended to be populated by user input. If these inputs are not properly sanitized or escaped before being embedded into the shell command string, a malicious user could inject arbitrary shell commands, leading to command injection. Instruct the agent to strictly sanitize or escape any user-provided input before embedding it into shell commands. For JSON payloads, ensure proper JSON escaping. For shell commands, use a library or method that safely quotes arguments (e.g., `shlex.quote` in Python, or passing arguments as an array to `subprocess.run` instead of a single string). | LLM | SKILL.md:68 |
| HIGH | Unsanitized script argument used in `npm` command. The `bin/publish.sh` script uses the first command-line argument (`$1`) directly as the `BUMP_TYPE` for the `npm version` command. If this script is executed in an environment where an attacker can control the arguments passed to it, they could inject malicious shell commands (e.g., `npm version "; rm -rf /" --no-git-tag-version`), leading to arbitrary code execution. Sanitize or validate the `BUMP_TYPE` variable to ensure it only contains expected values (e.g., `patch`, `minor`, `major`) and does not contain shell metacharacters. Alternatively, use a more robust method for executing `npm` commands that prevents shell injection. | LLM | bin/publish.sh:8 |
| MEDIUM | Unpinned npm dependency version. Dependency 'ajv' is not pinned to an exact version ('^8.17.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/chefbc2k/moltmotion-skill/package.json |
| MEDIUM | Unpinned `npx` dependency `clawhub@latest`. The `bin/publish.sh` script uses `npx clawhub@latest publish`. Relying on `@latest` means that any new version of `clawhub` published to npm will be used, potentially introducing vulnerabilities or malicious code if the `clawhub` package maintainer account or registry is compromised. This lack of version pinning reduces the determinism and security of the build process. Pin the `clawhub` dependency to a specific version (e.g., `npx clawhub@1.2.3 publish`) to ensure deterministic and secure builds. Regularly update the pinned version after reviewing changelogs and security advisories. | LLM | bin/publish.sh:14 |