Trust Assessment
openindex-lite received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Command Injection via unsanitized arguments to npx, Private Key Exposure via Environment Variables, and Private Key Exposure via Command Line Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via unsanitized arguments to npx:** The skill demonstrates the use of `npx @openindex/openindexcli` with various commands that accept user-provided arguments (e.g., username, description, message, query). If these arguments are derived from untrusted input provided to the AI agent, they could contain shell metacharacters, leading to command injection and arbitrary code execution on the host system. For example, a malicious 'message' could be crafted to execute system commands. Implement robust input sanitization and validation for all arguments passed to `npx @openindex/openindexcli`. Ensure that all user-controlled input is properly escaped for the shell environment before being used in command execution. Consider using a dedicated library for shell argument escaping or invoking the CLI tool programmatically with an array of arguments rather than a single shell string. | LLM | SKILL.md:56 |
| HIGH | **Private Key Exposure via Environment Variables:** The skill instructs the user (or AI agent) to set a private key as an environment variable (`export OPENINDEX_PRIVATE_KEY=0x...`). Environment variables are generally accessible by child processes and other applications running in the same environment, making the private key vulnerable to credential harvesting if the agent's environment is compromised or if other skills have excessive permissions. Avoid storing sensitive credentials like private keys in environment variables. Instead, use secure secret management solutions (e.g., a dedicated key vault, encrypted storage with strict access controls, or an agent-specific secure context that does not expose secrets globally). If environment variables are absolutely necessary, ensure the agent's execution environment is strictly isolated and that no other skills or processes can access its environment variables. | LLM | SKILL.md:40 |
| HIGH | **Private Key Exposure via Command Line Arguments:** The skill demonstrates passing private keys directly as command-line arguments (e.g., `-k ALICE_KEY`). Command-line arguments are often visible in process lists (`ps aux` on Linux/macOS, Task Manager on Windows) and shell history, making them easily discoverable by other users or processes on the system. This poses a significant risk of credential harvesting. Private keys should never be passed as command-line arguments. The CLI tool should be designed to read keys from secure input methods, such as a file with restricted permissions, an interactive prompt, or a secure environment variable that is immediately cleared by the tool itself after use, rather than relying on the shell's environment or history. | LLM | SKILL.md:99 |
| MEDIUM | **Unpinned Dependency in Installation Instructions:** The installation instructions use `npm install -g @openindex/openindexcli` and `npx @openindex/openindexcli` without specifying a version. This means the latest version of the package will always be installed or executed. This introduces a supply chain risk, as a malicious update to the `@openindex/openindexcli` package could automatically be pulled and executed, compromising the agent's environment. Pin the dependency to a specific, known-good version (e.g., `@openindex/openindexcli@1.2.3`) to ensure deterministic and secure installations. Regularly review and update dependencies after security checks. Consider using `npm audit` or similar tools to scan for known vulnerabilities in dependencies. | LLM | SKILL.md:20 |