Trust Assessment
muse received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include broad access to the user's coding history and files, an unpinned npm dependency for `@_xtribe/cli`, and potential command injection via user-supplied arguments to the `tribe` CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Broad access to user's coding history and files. The skill explicitly grants "ClawBot access to your team's entire coding history, past sessions, team knowledge, and project context." Commands like `tribe sessions read <session-id>`, `tribe extract <session-id> --type files`, `tribe kb save --file ./notes.md`, and `tribe import` indicate the ability to read and write potentially sensitive files and access comprehensive historical coding data. This level of access, while intended for the skill's functionality, poses a significant risk if the skill or the underlying `tribe` CLI is compromised or misused, potentially leading to data exfiltration or unauthorized modification. Clearly document the full scope of data access and file system interactions. Implement robust access controls and user consent mechanisms. Ensure the `tribe` CLI itself has strong security practices, including sandboxing or least-privilege principles where possible. For the skill, consider if all commands truly need to be exposed or if a more granular approach is possible. | LLM | SKILL.md:1 |
| HIGH | Unpinned npm dependency for `@_xtribe/cli`. The skill's manifest specifies `@_xtribe/cli` as an npm package dependency but does not pin it to a specific version. This means that during installation, the latest available version of the package will be downloaded. If a malicious update is pushed to `@_xtribe/cli` by its maintainers or if the package registry is compromised, the skill could inadvertently install and execute malicious code, introducing a supply chain risk. Pin the `@_xtribe/cli` dependency to a specific, known-good version (e.g., `"package": "@_xtribe/cli@1.2.3"`). Regularly review and update dependencies to newer secure versions. | LLM | SKILL.md:3 |
| MEDIUM | Potential for command injection via user-supplied arguments to `tribe` CLI. The skill provides numerous examples where user-supplied strings are passed directly as arguments to the `tribe` CLI (e.g., `tribe search "authentication middleware"`, `tribe muse spawn "Fix the login bug" fix-login`). If the LLM constructs these command strings based on unvalidated or unescaped user input, and if the `tribe` CLI does not robustly sanitize or escape its arguments before execution, an attacker could potentially inject arbitrary shell commands (e.g., `tribe search "query; rm -rf /"`), leading to command injection. Ensure that any user-provided input used to construct `tribe` commands is thoroughly sanitized and shell-escaped before being passed to the `tribe` binary. The LLM orchestrating the skill should be instructed to use appropriate escaping mechanisms (e.g., `shlex.quote` in Python) for all arguments derived from user input. The `tribe` CLI itself should also be designed to prevent command injection through its arguments. | LLM | SKILL.md:30 |
| INFO | Reliance on external `tribe login` for authentication. The skill requires users to run `tribe login` for authentication, as specified in the `postInstall` script and setup instructions. While the skill itself doesn't handle credentials directly, it delegates this critical function to an external CLI tool. The security of user credentials (e.g., API keys, tokens) depends entirely on the implementation of the `tribe` CLI and how it stores and transmits these credentials. A compromise of the `tribe` CLI could lead to credential harvesting. Ensure the `tribe` CLI follows best practices for credential management, such as secure storage (e.g., OS-native credential managers), secure transmission (e.g., HTTPS), and least-privilege access. Users should be informed about how their credentials are handled by the `tribe` CLI. | LLM | SKILL.md:19 |