Trust Assessment
ordercli received a trust score of 56/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned Go module dependency, Third-party Homebrew tap dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Go module dependency The skill's manifest specifies the installation of the `ordercli` tool using `go install github.com/steipete/ordercli/cmd/ordercli@latest`. Using `@latest` means the dependency is not pinned to a specific version tag or commit hash. This makes the installation vulnerable to supply chain attacks, as a malicious change introduced to the upstream repository's default branch could be automatically pulled and executed without explicit review. Pin the Go module dependency to a specific version tag (e.g., `@v1.2.3`) or a full commit hash to ensure reproducible and secure installations. | Static | SKILL.md:1 | |
| HIGH | Skill instructs use of tool capable of handling sensitive credentials and browser data The untrusted `SKILL.md` content describes commands for the `ordercli` tool that directly handle sensitive user information. Specifically, `ordercli foodora login --email you@example.com --password-stdin` requires user credentials, and `ordercli foodora cookies chrome` and `ordercli foodora session chrome` interact with browser profiles, which can contain session tokens and other sensitive data. If the `ordercli` tool itself is compromised or malicious, it could harvest these credentials or exfiltrate sensitive browser data. The skill, by providing these instructions, facilitates the use of a tool with these high-privilege capabilities. Users should be made explicitly aware of the sensitive nature of the data handled by `ordercli`. It is crucial to ensure the `ordercli` tool is from a trusted source and its integrity is verified. Consider running such tools in a sandboxed or isolated environment to limit potential damage from compromise. | Static | SKILL.md:10 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ordercli/SKILL.md:31 | |
| MEDIUM | Third-party Homebrew tap dependency The skill's manifest installs the `ordercli` tool via a third-party Homebrew tap (`steipete/tap/ordercli`). Relying on external taps introduces a supply chain risk, as the tap maintainer could potentially introduce malicious formulas or changes that would be installed on the user's system. Prefer official Homebrew formulae where possible. If a third-party tap is necessary, verify the integrity of the tap and its formulae, and consider auditing the source code before installation. Users should be aware of the risks associated with adding untrusted taps. | Static | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4efbdf34811dede0)
Powered by SkillShield