Trust Assessment
openocean received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Potential Command Injection via unsanitized 'CHAIN' variable in curl path" and "Skill requires `curl` and `jq` binaries, increasing attack surface".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via unsanitized 'CHAIN' variable in curl path.** The skill demonstrates `curl` commands where the `CHAIN` variable is directly interpolated into the URL path (e.g., `https://open-api.openocean.finance/v3/${CHAIN}/quote`). If `CHAIN` is derived from untrusted user input and not properly sanitized or shell-escaped before being passed to `curl`, a malicious user could inject arbitrary shell commands. For example, setting `CHAIN` to `eth; rm -rf /` could lead to the execution of `rm -rf /` on the host system. Ensure all variables interpolated directly into shell commands, especially those in URL paths like `CHAIN`, are strictly validated against an allow-list of expected values (e.g., `eth`, `bsc`, `polygon`) or robustly shell-escaped before execution. Using a dedicated HTTP client library in a safer language (e.g., Python `requests`) instead of raw `curl` calls is generally preferred. | LLM | SKILL.md:40 |
| MEDIUM | **Skill requires `curl` and `jq` binaries, increasing attack surface.** The skill manifest explicitly requires `curl` and `jq` binaries. While `curl` is essential for interacting with external APIs, its general-purpose nature allows for network requests to arbitrary endpoints and potential file system interaction (e.g., `--output`, `--upload-file`). `jq` is a powerful JSON processor. The reliance on external binaries, especially `curl`, increases the attack surface for command injection if inputs are not meticulously sanitized, as demonstrated by the `CHAIN` variable issue. Implement strict input validation and shell escaping for all arguments passed to `curl` and `jq`. Consider using a more constrained HTTP client library within a sandboxed environment if possible, rather than direct shell execution of `curl`. Limit the capabilities of the `curl` command (e.g., disallow file operations) if the environment allows for such granular control. | LLM | SKILL.md:1 |