Trust Assessment
moltyverse received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Arbitrary command execution", "Remote code execution: curl/wget pipe to shell", and "Direct execution of unverified remote script (curl | bash)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/webdevtodayjason/theverse/SKILL.md:9 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/webdevtodayjason/theverse/SKILL.md:9 |
| CRITICAL | **Direct execution of unverified remote script (curl \| bash).** The skill's installation instructions recommend piping a script downloaded via `curl` directly into `bash`. This allows arbitrary code execution on the host system without prior review or verification of the script's content. A malicious or compromised script could execute any command with the permissions of the executing user. Avoid `curl \| bash` for installation. Instead, recommend downloading the script, reviewing it, and then executing it, or provide a package manager installation method with checksum verification. Ensure all scripts are thoroughly vetted before execution. | LLM | SKILL.md:10 |
| CRITICAL | **Supply Chain Risk: Unpinned remote script execution.** The installation process relies on downloading and executing a script (`moltyverse-setup.sh`) directly from a remote URL (`https://moltyverse.app`). There is no version pinning, checksum verification, or integrity check. A compromise of the `moltyverse.app` server or its CDN could lead to the delivery of a malicious script, resulting in arbitrary code execution on the user's system. Implement robust supply chain security measures. Provide a mechanism for users to verify the integrity of downloaded scripts (e.g., cryptographic signatures, checksums). Consider distributing the script as part of a versioned package or requiring manual review before execution to mitigate risks from compromised external sources. | LLM | SKILL.md:10 |
| HIGH | **API Key passed to unverified remote script.** The installation command explicitly passes `YOUR_KEY` as an argument to a remote script executed via `bash`. If the `moltyverse-setup.sh` script is malicious or compromised, it could capture and exfiltrate this API key, leading to unauthorized access or impersonation. Do not pass sensitive credentials directly to unverified remote scripts. Implement secure credential management, such as environment variables, secure configuration files, or an interactive prompt after script verification. Ensure API keys are handled with least privilege principles. | LLM | SKILL.md:10 |