Trust Assessment
parallel-task-executor received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill allows arbitrary shell command execution, Skill requests broad filesystem and command execution permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill allows arbitrary shell command execution The skill explicitly states its capability to perform "命令执行" (Command Execution), including "Shell 命令" (Shell Commands) and "脚本执行" (Script Execution). The `command` field in task definitions (e.g., `{"command": "任务1"}`) is intended to hold these commands. If user input directly or indirectly populates this `command` field without strict sanitization or sandboxing, it can lead to arbitrary command injection, allowing an attacker to execute malicious code on the host system. Implement strict input validation and sanitization for all commands. Use an allow-list of safe commands and arguments. Execute commands within a highly restricted sandbox environment (e.g., containerization, seccomp filters) with minimal necessary permissions. Avoid direct execution of user-provided strings as shell commands. | LLM | SKILL.md:78 | |
| HIGH | Skill requests broad filesystem and command execution permissions The skill describes capabilities for "文件操作" (File Operations, including creating, deleting, moving, renaming, downloading, uploading files) and "命令执行" (Command Execution, including shell commands, script execution, and application launch). This combination grants the skill extensive control over the host system's filesystem and the ability to execute arbitrary code. Without proper sandboxing and least-privilege principles, this could lead to data loss, system compromise, or unauthorized access. Restrict the skill's access to the filesystem to only necessary directories. Implement a strict allow-list for file operations. Ensure command execution is sandboxed and limited to pre-approved, safe commands. Review the necessity of each listed capability and remove any that are not strictly required for the skill's core function. | LLM | SKILL.md:69 |
Scan History
Embed Code
[](https://skillshield.io/report/6d4a5b5ee879eb4a)
Powered by SkillShield