Trust Assessment
npkill received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. The key findings are a potential for arbitrary file deletion via `npkill --directory` combined with `--delete-all`, and an unpinned `npkill` dependency in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential for arbitrary file deletion via `npkill --directory` and `--delete-all`.** The skill documents the use of `npkill` with the `--directory` flag, allowing specification of an arbitrary starting path for file deletion. When combined with `--delete-all --yes`, this could lead to the automated deletion of files in sensitive system directories if an LLM constructs the command using untrusted user input without proper sanitization. Although `npkill` has safety features such as warnings for protected directories, the `--delete-all --yes` option bypasses interactive confirmation, making it a critical risk if an attacker can control the directory path. This exposes a powerful and destructive capability that, if misused, could lead to significant data loss or system compromise. Recommendations: (1) LLM implementation: when using this skill, the LLM must strictly sanitize or validate any user-provided input for the `--directory` argument to prevent traversal or targeting of sensitive system paths, and should default to interactive mode or `--dry-run` for user-facing operations involving deletion. (2) Skill documentation: add explicit warnings about the dangers of combining `--directory` with `--delete-all --yes` when using untrusted input, and emphasize the need for strict input validation by the LLM. (3) Restrict execution: consider whether the `--delete-all --yes` option should be exposed to the LLM without additional safeguards, or whether the LLM should always require explicit, multi-step confirmation for such destructive actions. | LLM | SKILL.md:36 |
| MEDIUM | **Unpinned `npkill` dependency in installation instructions.** The installation command `npm install -g npkill` does not specify a version, which can lead to non-deterministic installations. Future installations might pull a new version of `npkill` that introduces breaking changes, new vulnerabilities, or unexpected behavior, posing a supply chain risk. Without a pinned version, the integrity and security of the installed tool cannot be guaranteed over time. Recommendation: pin the version of `npkill` in the installation instructions (e.g., `npm install -g npkill@<version>`) to ensure deterministic and secure installations, and regularly review and update the pinned version to incorporate security fixes and new features while maintaining control over the installed dependency. | LLM | SKILL.md:77 |
Full report: https://skillshield.io/report/83f62df8a71769ed