Trust Assessment
openinsider received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential Command Injection via user-controlled argument, Unpinned Python dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via user-controlled argument The skill's usage examples in SKILL.md demonstrate that the 'ticker' argument is passed directly to the 'fetch_trades.py' script via the command line. If the host LLM or agent constructs this command string by directly concatenating user-provided input for the 'ticker' without proper shell escaping, a malicious user could inject arbitrary shell commands. For example, a 'ticker' like `'; rm -rf /'` could lead to unintended command execution on the host system. The agent invoking this skill should ensure that all user-provided arguments passed to shell commands are properly escaped or quoted to prevent command injection. Additionally, the skill's Python script could implement stricter validation (e.g., regex for alphanumeric characters) on the 'ticker' argument to reduce the attack surface. | LLM | SKILL.md:12 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/stuhorsman/openinsider/scripts/fetch_trades.py:3 | |
| MEDIUM | Unpinned Python dependencies The skill's manifest specifies Python dependencies (`pandas`, `requests`, `lxml`) without pinning their versions. This can lead to non-deterministic builds, introduce unexpected vulnerabilities from newer package versions, or cause compatibility issues if future versions introduce breaking changes. An attacker could potentially exploit vulnerabilities in a newly released, unvetted version of a dependency. Pin exact versions for all Python dependencies in the manifest (e.g., `pandas==1.5.3 requests==2.28.1 lxml==4.9.2`) or at least specify major/minor versions (e.g., `pandas~=1.5`). | LLM | SKILL.md:5 | |
| MEDIUM | Unencrypted HTTP communication The skill makes HTTP requests to `http://openinsider.com` without using HTTPS. This leaves the communication unencrypted and vulnerable to Man-in-the-Middle (MITM) attacks, where an attacker could intercept, observe, or alter the data being fetched from the OpenInsider website. This compromises the integrity and confidentiality of the data. If OpenInsider supports HTTPS, update the `BASE_URL` to use `https://`. If HTTPS is not available, consider adding a warning to the skill's documentation about the unencrypted nature of the data source and the potential risks. | LLM | scripts/fetch_trades.py:9 |
Scan History
Embed Code
[](https://skillshield.io/report/76f78c1118a6e698)
Powered by SkillShield