Trust Assessment
npm-proxy received a trust score of 59/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: urllib.request", "Potential data exfiltration: file read + network send", and "API Token Stored Persistently on Filesystem".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential data exfiltration: file read + network send.** Function 'get_token' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/weird-aftertaste/npm-proxy/scripts/npm_client.py:39 |
| HIGH | **Skill Operates with Full Nginx Proxy Manager Admin Privileges.** The skill authenticates to Nginx Proxy Manager using `NPM_EMAIL` and `NPM_PASSWORD`, which are typically administrative credentials. This grants the agent full control over the NPM instance, including the ability to list, create, modify, and delete proxy hosts and certificates. A compromise of the agent or this skill could lead to an attacker gaining complete control over the organization's Nginx Proxy Manager, potentially enabling traffic redirection, malicious certificate issuance, or exposure of internal services. Implement the principle of least privilege. Create a dedicated Nginx Proxy Manager user with the minimum necessary permissions required for the agent's specific tasks. For example, if the agent only needs to list and enable/disable hosts, grant only those permissions. Avoid using full administrative credentials for automated tasks. | LLM | scripts/npm_client.py:15 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/weird-aftertaste/npm-proxy/scripts/npm_client.py:5 |
| MEDIUM | **API Token Stored Persistently on Filesystem.** The script stores the Nginx Proxy Manager API token in a file (`/root/.npm-token.json`) on the filesystem. While `/root` is a privileged directory, persistent storage of API tokens increases the attack surface. If the agent's execution environment is compromised, an attacker could exfiltrate this token and gain unauthorized access to the NPM instance until the token expires or is revoked. Consider using a more ephemeral storage mechanism for the token, such as in-memory storage for the duration of the script's execution, or a secure secrets management service. If persistent storage is necessary, ensure the file permissions are highly restrictive and the underlying filesystem is encrypted and protected. Implement token revocation mechanisms. | LLM | scripts/npm_client.py:12 |