Trust Assessment
myvibe-publish received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Credential Harvesting via Malicious Hub URL, Potential Command Injection via Unsanitized User Input in Bash Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Credential Harvesting via Malicious Hub URL The skill allows users to specify a custom `--hub` URL. The `getAccessToken` function in `scripts/utils/auth.mjs` uses this user-provided `hubUrl` to construct an authorization URL (`connectUrl`) which is then opened in the user's browser. A malicious `hubUrl` could redirect the user to a phishing site designed to capture their MyVibe credentials. The skill explicitly instructs the agent to use this user-provided URL for a sensitive authorization flow, creating a direct credential harvesting vector. Implement strict validation and whitelisting for the `--hub` URL. If a custom hub is allowed, warn the user explicitly about the security implications of authorizing with an untrusted domain. Consider using a secure, in-agent authorization flow that does not rely on opening arbitrary URLs in the user's browser for sensitive credential exchange. | LLM | scripts/utils/auth.mjs:77 | |
| HIGH | Potential Command Injection via Unsanitized User Input in Bash Commands The `SKILL.md` describes `Bash` commands that the agent is expected to execute, which include user-controlled variables such as `{hub}` and `{publish_target}`. If the agent directly interpolates unescaped user input into these placeholders when constructing and executing the commands, it could lead to command injection. For example, a malicious value for `{hub}` like `"https://example.com; rm -rf /"` could execute arbitrary commands. The skill definition does not provide explicit instructions for sanitizing these user-controlled inputs before execution, relying on the agent's implicit handling. The agent's `Bash` tool execution layer must ensure that all user-controlled inputs interpolated into shell commands are properly sanitized or escaped (e.g., using `shlex.quote` for Bash) to prevent command injection. The skill definition should explicitly state this requirement or provide examples of safe interpolation. | LLM | SKILL.md:52 | |
| MEDIUM | Unpinned npm dependency version Dependency '@aigne/cli' is not pinned to an exact version ('^1.59.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/zhuzhuyule/myvibe-skills/scripts/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/ea814aab7be1ceec)
Powered by SkillShield