Trust Assessment
parallel received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 2 medium, and 1 low severity. Key findings include Potential hardcoded secret (high entropy), Command Injection via unescaped shell arguments in parallel.sh, Unpinned Python dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unescaped shell arguments in parallel.sh The `scripts/parallel.sh` script directly interpolates user-provided arguments (`$*`) into the `curl -d` command without proper shell escaping. This allows an attacker to inject arbitrary shell commands by crafting malicious input for the `research`, `company`, or `person` commands. For example, providing `$(id)` as part of the query will execute the `id` command on the host system. Ensure all user-provided input is properly escaped before being used in shell commands. For JSON payloads, consider using `jq` to construct the JSON string safely, or pass the data via a temporary file. A common pattern is to use `printf %q` for shell arguments, but for JSON, careful construction or a dedicated JSON tool is better. For example, construct the JSON in a variable and then pass it to `curl -d @- <<< "$json_payload"`. | LLM | scripts/parallel.sh:49 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.77) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/mvanhorn/parallel/scripts/parallel.sh:7 | |
| MEDIUM | Unpinned Python dependencies The `SKILL.md` file instructs users to install Python packages (`parallel-sdk`, `requests`) without specifying exact versions. This introduces a supply chain risk, as a future update to these packages could introduce vulnerabilities, breaking changes, or even malicious code. Without version pinning, the skill's behavior is not deterministic. Pin the versions of all Python dependencies to specific, known-good versions (e.g., `pip install parallel-sdk==1.2.3 requests==2.28.1`). Regularly review and update these pinned versions to incorporate security patches. | LLM | SKILL.md:30 | |
| LOW | Untrusted input processed by json.loads in monitor.py The `scripts/monitor.py` script uses `json.loads(args.metadata)` to parse user-provided metadata. While Python's `json.loads` is generally safe from arbitrary code execution, processing untrusted or malformed JSON input can lead to resource exhaustion (Denial of Service) or unexpected behavior if the `parallel.ai` API is sensitive to specific JSON structures. An attacker could craft a very large or deeply nested JSON string. Implement input validation and sanitization for the `--metadata` argument. Consider imposing limits on the size or complexity of the JSON structure. If possible, define a strict schema for the metadata and validate against it before parsing. While `json.loads` is safer than `pickle.loads`, it's still best practice to validate untrusted input. | LLM | scripts/monitor.py:160 |
Scan History
Embed Code
[](https://skillshield.io/report/1a401545764e91f2)
Powered by SkillShield