Trust Assessment
mongodb-atlas-admin received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $USER, Command Injection via Unsanitized User Input in Shell Script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via Unsanitized User Input in Shell Script The `scripts/atlas.sh` skill is vulnerable to command injection. User-supplied arguments for various commands (e.g., `projects create`, `clusters create`, `clusters scale`, `users create`) are directly interpolated into JSON payloads and `curl` command arguments without proper sanitization or JSON escaping. An attacker can craft malicious input containing shell metacharacters (e.g., `$(command)`, backticks, semicolons) or JSON-breaking characters (e.g., `"`). This can lead to:
1. **Arbitrary Command Execution:** Malicious shell commands embedded in input strings will be executed by the shell when constructing the `payload` variable or `curl` arguments.
2. **JSON Structure Manipulation:** Unescaped quotes or backslashes can alter the intended JSON structure, potentially leading to unauthorized API calls or data modification.
3. **Data Exfiltration/File Inclusion:** If an input string for `--data` starts with `@`, `curl` will attempt to read data from a file path specified by the attacker, potentially exfiltrating sensitive files or executing commands via named pipes.
Specific vulnerable instances include:
- `projects create` (line 49): `name` and `orgId` arguments.
- `clusters create` (lines 65-89): `name`, `provider`, `region` arguments.
- `clusters scale` (lines 109-119): `new_size`, `provider`, `region` arguments.
- `users create` (lines 134-141): `username`, `password`, `role` arguments. Implement robust input validation and sanitization for all user-provided arguments before they are used in shell commands or JSON payloads. For JSON, use a dedicated JSON parsing and serialization tool (e.g., `jq -n --arg name "$name" '{"name": $name}'`) to safely construct JSON objects, ensuring all string values are properly escaped. Avoid direct string concatenation for sensitive data. For `curl --data`, explicitly prepend `@-` to read from stdin if data is from a variable, or ensure the variable cannot start with `@`. | LLM | scripts/atlas.sh:49 | |
| MEDIUM | Sensitive environment variable access: $USER Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/mrlynn/mongodb-atlas-admin/SKILL.md:242 |
Scan History
Embed Code
[](https://skillshield.io/report/f53a16da037ae12e)
Powered by SkillShield