Trust Assessment
node-transfer received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 17 findings: 3 critical, 4 high, 9 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Unsafe deserialization / dynamic eval, Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (17)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eisonme/node-transfer/receive.js:115 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/eisonme/node-transfer/send.js:113 |
| CRITICAL | Command Injection via unsanitized target directory in deploy.js. The `deploy.js` script constructs a PowerShell command to create directories and write files on a target node. The `targetDir` argument is directly interpolated into the PowerShell script without proper escaping for PowerShell metacharacters. A malicious `targetDir` value (e.g., `C:/foo"; malicious_command; #`) could break out of the quoted string and execute arbitrary commands on the target node during deployment. Sanitize or properly escape the `targetDir` variable before interpolating it into the PowerShell script. Consider using PowerShell's built-in `LiteralPath` parameter or a robust escaping function to prevent injection. Alternatively, pass the directory as a separate argument to a PowerShell script block that handles path construction safely. | LLM | deploy.js:100 |
| HIGH | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/deploy.js:162 |
| HIGH | Arbitrary File Write via Path Traversal in receive.js. The `receive.js` script takes an `outputPath` argument directly from user input and uses it in `fs.createWriteStream` and `fs.mkdirSync` without sanitization or validation against path traversal. An attacker could provide a path like `../../../../Windows/System32/evil.dll` or `/etc/passwd` to write to arbitrary locations on the destination filesystem, potentially overwriting critical system files or sensitive data. Validate and sanitize the `outputPath` argument to prevent path traversal. Ensure the path is canonicalized and restricted to an allowed base directory. Reject any paths that attempt to traverse outside the intended directory using `path.resolve` and checking against a base directory, or by using a library designed for secure path handling. | LLM | receive.js:150 |
| HIGH | Data Exfiltration via Arbitrary File Read in send.js. The `send.js` script takes a `filePath` argument directly from user input and uses it in `fs.createReadStream` without sanitization or validation against path traversal. An attacker could provide a path like `../../../../etc/shadow` or `C:/Windows/System32/config/SAM` to read arbitrary files from the source filesystem, leading to sensitive data exfiltration. Validate and sanitize the `filePath` argument to prevent path traversal. Ensure the path is canonicalized and restricted to an allowed base directory. Reject any paths that attempt to traverse outside the intended directory using `path.resolve` and checking against a base directory, or by using a library designed for secure path handling. | LLM | send.js:140 |
| HIGH | Broken Integrity Verification in ensure-installed.js due to null hashes. The `version.js` file, which serves as a manifest for integrity checking, contains `null` values for the SHA-256 hashes of `send.js`, `receive.js`, and `ensure-installed.js`. The `ensure-installed.js` script relies on these hashes to verify file integrity. With `null` expected hashes, the integrity check will either perpetually report mismatches (if `actualHash !== null` is always true) or fail to detect actual tampering, rendering the integrity verification mechanism ineffective. This undermines the supply chain security by allowing tampered scripts to go undetected after deployment. Implement a build step that automatically computes and embeds the correct SHA-256 hashes into `version.js` before deployment. Ensure `deploy.js` uses this correctly populated `version.js` or generates the hashes itself during deployment. The `ensure-installed.js` script should then correctly compare the actual file hashes against these embedded, non-null expected hashes. | LLM | version.js:9 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/deploy.js:58 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/ensure-installed.js:13 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/ensure-installed.js:40 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/receive.js:19 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/receive.js:97 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/receive.js:128 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/send.js:19 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/eisonme/node-transfer/send.js:91 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/eisonme/node-transfer/SKILL.md:1 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/eisonme/node-transfer/package.json |
Full report: https://skillshield.io/report/76f89adb2eb7bc3f