Trust Assessment
moltron-skill-creator received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, Command Injection via Unsanitized Skill Name in Shell Commands, and Unpinned `@smythos/sdk` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/alaa-eddine/moltron-skill-creator/scripts/score.js:19 |
| CRITICAL | Command Injection via Unsanitized Skill Name in Shell Commands. The skill instructs the LLM to construct and execute shell commands using a user-provided skill/project name (e.g., `<skill-name>`, `<project-name>`). While the skill suggests 'kebab-case', there is no explicit instruction for the LLM to sanitize or shell-quote this input before embedding it into shell commands. A malicious user could inject shell metacharacters (e.g., `;`, `&&`, `\|`) into the skill name, leading to arbitrary command execution when the LLM constructs and runs commands like `ln -s`, `cp -r`, or `cd`. The interactive `sre create` prompt for 'Project name' is also a vector. Instruct the LLM to strictly sanitize or shell-quote any user-provided skill/project names before embedding them into shell commands. For example, use a function to escape shell metacharacters or ensure the LLM wraps the variable in single quotes. | LLM | SKILL.md:169 |
| HIGH | Unpinned `@smythos/sdk` dependency. The skill explicitly instructs the LLM to install `@smythos/sdk` using the `@latest` tag (`npm install @smythos/sdk@latest`). This practice means that any new skill created will always pull the most recent version of the SDK, which could introduce breaking changes, vulnerabilities, or even malicious code if the upstream repository is compromised, without explicit review or version control. Instruct the LLM to use a specific, pinned version of `@smythos/sdk` (e.g., `npm install @smythos/sdk@1.2.3`) or to update `package.json` with a caret range (`^1.2.3`) and then run `npm install` to ensure reproducible builds and reduce the risk of unexpected changes from upstream. | LLM | SKILL.md:136 |
| MEDIUM | Undeclared `node-sqlite` dependency in `score.js`. The `scripts/score.js` file imports `DatabaseSync` from `node:sqlite`. This is not a built-in Node.js module and implies a dependency on an external package (e.g., `node-sqlite`). This dependency is not declared in any `package.json` within the provided context, nor is there an instruction for the LLM to install it. This creates an unmanaged dependency, leading to potential runtime errors if the package is not pre-installed, or supply chain risks if an unexpected version is present in the environment. Explicitly declare `node-sqlite` (or the correct package name) as a dependency in a `package.json` file alongside `score.js` and instruct the LLM to install it, or ensure it's a pre-installed system dependency and document this requirement. | LLM | scripts/score.js:3 |
| LOW | Use of `execSync` for shell command execution. The `scripts/score.js` file uses `child_process.execSync` to execute shell commands (`git describe`). While its current usage is constrained to a hardcoded command and a fixed working directory, `execSync` is a powerful primitive that allows synchronous execution of arbitrary shell commands. Its presence increases the attack surface and could be exploited if the script's inputs or environment were compromised, even if not directly vulnerable in its current implementation. Evaluate if `execSync` is strictly necessary. If possible, use safer alternatives like Node.js's built-in `child_process.spawn` with explicit command and arguments arrays, or a library that provides safer command execution. If `execSync` is required, ensure all inputs are thoroughly sanitized and the command string is constructed without any user-controlled parts. | LLM | scripts/score.js:4 |