Trust Assessment
nordvpn received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential for Command Injection via CLI arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential for Command Injection via CLI arguments | LLM | SKILL.md:140 |

Finding detail: The skill design involves orchestrating `nordvpn` CLI commands with arguments derived from user input (e.g., `country`, `city`, `group`, `key`, `value`, `type`). If these arguments are not properly sanitized or shell-escaped before being passed to `subprocess` calls or similar execution methods, an attacker could inject arbitrary shell commands. For example, if a user-provided `country` argument were `'; rm -rf /; #`, it could lead to critical system compromise. While some examples in the documentation use quotes (`nordvpn connect "Stockholm"`), the general API surface definition does not explicitly mandate input sanitization, leaving the implementation vulnerable.

Recommendation: Implement robust input sanitization and shell escaping for all arguments passed to `nordvpn` commands. Use libraries like `shlex.quote` in Python or similar mechanisms in other languages to ensure that user-provided strings are treated as literal arguments and not as executable commands or shell metacharacters. Avoid direct string concatenation for command construction.
Full report: https://skillshield.io/report/c551cb3179944654
Powered by SkillShield