Trust Assessment
ordercli received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME", "Unpinned Go module dependency", and "Skill exposes functionality to access sensitive browser data".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Go module dependency.** The skill's manifest specifies the Go installation using `@latest` for the module `github.com/steipete/ordercli/cmd/ordercli`. This means the dependency is unpinned, allowing for non-deterministic builds and potential introduction of malicious code if a future 'latest' version is compromised in the supply chain. Pin the Go module dependency to a specific version or commit hash (e.g., `@v1.2.3` or `@abcdef123`) to ensure deterministic and secure builds. | LLM | SKILL.md |
| HIGH | **Skill exposes functionality to access sensitive browser data.** The skill describes commands (`ordercli foodora cookies chrome`, `ordercli foodora session chrome`) that allow the `ordercli` tool to access and import sensitive browser data, specifically Chrome cookies and session profiles. If an AI agent is instructed to execute these commands, it could expose the user's browser session data to the `ordercli` tool. This poses a significant data exfiltration risk if the tool is malicious or if the agent is prompted to log/transmit the accessed data. Evaluate whether access to browser cookies/sessions is strictly necessary for the skill's core functionality. If so, clearly warn users about the sensitive nature of these operations and ensure the `ordercli` tool itself is trusted. Consider sandboxing the execution environment or limiting the agent's ability to execute such commands without explicit user confirmation. | LLM | SKILL.md:26 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to the sensitive environment variable `$HOME` was detected in a shell context. Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | skills/steipete/ordercli/SKILL.md:27 |
| MEDIUM | **Potential command injection via unvalidated CLI arguments.** The skill describes various `ordercli` commands that take user-provided arguments (e.g., `<orderCode>`, `--profile`). If an AI agent constructs these commands by directly substituting user input without proper sanitization or shell escaping, a malicious user could inject arbitrary shell commands. For example, if `<orderCode>` were `123; rm -rf /`, it could lead to command execution on the host system. The AI agent interacting with this skill must implement robust input validation and shell escaping for all user-provided arguments before constructing and executing shell commands. The skill documentation should also explicitly warn users and developers about this risk. | LLM | SKILL.md:10 |