Trust Assessment
nightly-build received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Execution of 'npm audit' in untrusted skill directories poses supply chain risk, Arbitrary file deletion risk due to 'fs.unlinkSync' and controllable 'WORKSPACE_DIR'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Execution of 'npm audit' in untrusted skill directories poses supply chain risk The `auditSkills` function in `scripts/nightly.ts` iterates through all installed skills and executes `npm audit --audit-level=high` within each skill's directory. Running `npm` commands in directories controlled by untrusted third-party skills (which could be malicious) introduces a significant supply chain risk. A malicious skill could define `preinstall` or `postinstall` scripts in its `package.json` that, while not directly triggered by `npm audit`, could be exploited if `npm` or its dependencies have vulnerabilities, potentially leading to arbitrary command execution (command injection) with the permissions of the `nightly-build` skill. The general practice of executing package manager commands in untrusted contexts is dangerous. Avoid running package manager commands like `npm audit` directly within untrusted skill directories. If auditing is necessary, consider running it in a sandboxed environment with minimal permissions, or analyze `package.json` files statically without executing `npm` commands. Alternatively, ensure that skills are only installed from trusted sources and that their `package.json` files are reviewed for malicious scripts. | LLM | scripts/nightly.ts:60 | |
| HIGH | Arbitrary file deletion risk due to 'fs.unlinkSync' and controllable 'WORKSPACE_DIR' The `taskLogCleanup` function in `scripts/nightly.mjs` uses `fs.unlinkSync` to delete log files older than 7 days from `MEMORY_DIR`. The `MEMORY_DIR` is derived from `WORKSPACE_DIR`, which can be set via the `process.env.WORKSPACE_DIR` environment variable. If an attacker can control `WORKSPACE_DIR`, they could point `MEMORY_DIR` to a sensitive location. While `fs.readdirSync` typically returns only base filenames, if `MEMORY_DIR` itself is a symbolic link to a critical system directory (e.g., `/`), or if a malicious file within `MEMORY_DIR` is a symlink, `fs.unlinkSync` could be coerced into deleting arbitrary system files, leading to denial of service or system compromise. Restrict the `MEMORY_DIR` to a dedicated, isolated directory that cannot be controlled by untrusted input or symlinked to sensitive locations. Implement stricter validation for `WORKSPACE_DIR` if it's user-controlled. Consider using a more robust file cleanup mechanism that explicitly checks file types and paths before deletion, or run cleanup operations with reduced privileges in a sandboxed environment. | LLM | scripts/nightly.mjs:100 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/0xraini/nightly-build/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/6dec71e31cb2db35)
Powered by SkillShield