Trust Assessment
near-subaccount received a trust score of 32/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 5 critical, 1 high, 0 medium, and 1 low severity. Key findings include arbitrary command execution, a missing Node lockfile, and command injection via unsanitized user input in the 'create' command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/shaiss/near-subaccount/scripts/subaccount.js:3 |
| CRITICAL | Command Injection via unsanitized user input in 'create' command: The `createSubaccount` function directly interpolates user-provided `subaccountName` and `masterAccount` into a shell command executed via `child_process.exec`. An attacker can inject arbitrary shell commands by including metacharacters (e.g., `;`, `&`, `\|`, `$(...)`) in these parameters, leading to remote code execution. Use `child_process.spawn` or `child_process.execFile` with an array of arguments to prevent shell interpretation of user input. Alternatively, thoroughly sanitize or escape all user-provided strings before interpolating them into shell commands. | LLM | scripts/subaccount.js:17 |
| CRITICAL | Command Injection via unsanitized user input in 'list' command: The `listSubaccounts` function directly interpolates the user-provided `accountId` into a shell command executed via `child_process.exec`. An attacker can inject arbitrary shell commands by including metacharacters (e.g., `;`, `&`, `\|`, `$(...)`) in the `accountId` parameter, leading to remote code execution. Use `child_process.spawn` or `child_process.execFile` with an array of arguments to prevent shell interpretation of user input. Alternatively, thoroughly sanitize or escape all user-provided strings before interpolating them into shell commands. | LLM | scripts/subaccount.js:29 |
| CRITICAL | Command Injection via unsanitized user input in 'delete' command: The `deleteSubaccount` function directly interpolates user-provided `subaccountId` and `masterAccount` into a shell command executed via `child_process.exec`. An attacker can inject arbitrary shell commands by including metacharacters (e.g., `;`, `&`, `\|`, `$(...)`) in these parameters, leading to remote code execution. Use `child_process.spawn` or `child_process.execFile` with an array of arguments to prevent shell interpretation of user input. Alternatively, thoroughly sanitize or escape all user-provided strings before interpolating them into shell commands. | LLM | scripts/subaccount.js:43 |
| CRITICAL | Command Injection via unsanitized input from file and CLI in 'distribute' command: The `bulkDistribute` function constructs a shell command using `subaccountId` (read from a user-controlled JSON file) and `amount` (user-provided CLI argument). If either of these values contains shell metacharacters, an attacker can inject arbitrary commands, leading to remote code execution. This is a chained vulnerability combining arbitrary file read with command injection. Ensure that `subaccountId` values read from the JSON file and the `amount` CLI argument are strictly validated and sanitized before being used in shell commands. The most robust solution is to use `child_process.spawn` or `child_process.execFile` with an array of arguments, which prevents shell interpretation. | LLM | scripts/subaccount.js:64 |
| HIGH | Data Exfiltration via arbitrary file read in 'distribute' command: The `bulkDistribute` function reads the content of a file specified by the user-controlled `filePath` parameter using `fs.readFile`. An attacker can provide a path to any readable file on the system (e.g., `/etc/passwd`, `/proc/self/environ`, `~/.ssh/id_rsa`), leading to data exfiltration. The content is then parsed as JSON, but the file read itself is the vulnerability. Implement strict validation for `filePath` to ensure it points only to expected, non-sensitive locations (e.g., a dedicated data directory). Consider using a file upload mechanism or a more secure way to provide bulk data that doesn't involve arbitrary file paths. | LLM | scripts/subaccount.js:54 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/shaiss/near-subaccount/package.json |