Trust Assessment
Nostr received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 3 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Command Injection via Unescaped Variable Interpolation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Unescaped Variable Interpolation: The skill's setup instructions involve constructing shell commands by directly interpolating variables into JSON strings passed as arguments to `node {SKILL_DIR}/scripts/nostr.js profile-set`. Specifically, `$LN_ADDR`, `<avatar_url>`, `<banner_url>`, `$AVATAR`, and `$BANNER` are interpolated without explicit shell or JSON escaping. If any of these variables contain shell metacharacters (e.g., `"; rm -rf /; echo "`), it could lead to arbitrary command execution on the host system. This is particularly critical for user-provided URLs and potentially for the `LN_ADDR` if the `cocod` output could be manipulated. The agent runtime must ensure all interpolated variables are properly escaped for both shell and JSON contexts before constructing and executing commands. A safer approach for the skill would be to modify `nostr.js` to accept separate, clearly defined arguments (e.g., `--lud16 <address>`) instead of a single JSON string, or to use environment variables, to avoid complex shell interpolation issues. | LLM | SKILL.md:31 |
| HIGH | Unpinned Dependencies in package.json: The `package.json` file specifies dependencies using caret (`^`) ranges, allowing `npm install` to fetch newer minor or patch versions automatically. While `package-lock.json` pins exact versions, the `install.sh` script uses `npm install` (not `npm ci`), which can lead to non-deterministic builds. This introduces a supply chain risk, as a malicious update to a dependency could be pulled in without explicit review, potentially compromising the skill. Pin exact versions for all dependencies in `package.json` (e.g., `"cocod": "0.0.10"`) to ensure deterministic builds. Additionally, modify `install.sh` to use `npm ci` instead of `npm install` for more secure and consistent dependency installations. | LLM | scripts/package.json:4 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/shawnyeager/nostr-social/scripts/nostr.js:388 |
| MEDIUM | Unpinned npm dependency version: Dependency '@scure/bip32' is not pinned to an exact version ('^2.0.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/shawnyeager/nostr-social/scripts/package.json |
| MEDIUM | Suppressed Output During Dependency Installation: The `install.sh` script executes `npm install --quiet 2>/dev/null`. Suppressing all output, including standard error, can hide critical warnings or errors during dependency installation. This could mask security advisories, failed package integrity checks, or other issues that might indicate a compromised dependency or an installation problem, making it harder to detect supply chain attacks or misconfigurations. Remove `2>/dev/null` and `--quiet` from the `npm install` command to ensure all output, especially errors and warnings, is visible during installation. If silent operation is desired, consider redirecting output to a log file while still ensuring errors are reported or easily accessible. | LLM | install.sh:7 |