Trust Assessment
porkbun received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Skill declares broad 'execute' capability, Unvalidated user input used in API endpoint paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill declares broad 'execute' capability The `package.json` manifest declares the `execute` capability, allowing the skill to run arbitrary shell commands on the host system. While this is necessary for a CLI wrapper, it represents a significant security risk. If the LLM is compromised (e.g., via prompt injection), it could leverage this capability to execute malicious commands beyond the intended scope of the `porkbun-dns.js` script. Review if the `execute` capability can be narrowed down or if specific commands can be whitelisted instead of allowing arbitrary execution. Implement robust input validation and sanitization for any arguments passed to the skill's CLI script to prevent command injection. | LLM | package.json:20 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/wmantly/porkbun-skill/SKILL.md:131 | |
| MEDIUM | Unvalidated user input used in API endpoint paths The `scripts/porkbun-dns.js` script constructs API endpoint URLs using string interpolation with arguments like `domain` and `name` (subdomain) which are derived directly from `process.argv`. There is no explicit validation or sanitization of these arguments to prevent characters like `/` from being injected into path segments. If an attacker can control these arguments (e.g., through prompt injection to the LLM), they could potentially manipulate the API endpoint path, leading to unexpected API calls, errors, or in a worst-case scenario, access to unintended resources if the Porkbun API is not robust against such path manipulation. Implement strict input validation for `domain` and `name` arguments within `scripts/porkbun-dns.js`. This should include whitelisting allowed characters (e.g., alphanumeric, hyphens, dots) and rejecting any input containing path separators (`/`) or other special characters that could alter the intended API endpoint structure. | LLM | scripts/porkbun-dns.js:100 | |
| INFO | Homepage URL uses insecure HTTP protocol The `homepage` field in `package.json` specifies an `http://` URL (`http://git.theta42.com/nova/porkbun-skill`). Using HTTP instead of HTTPS for a homepage link can expose users to man-in-the-middle attacks when accessing the documentation or repository, potentially leading to viewing tampered content or being redirected to malicious sites. While not a direct vulnerability in the skill's execution, it's a best practice to use HTTPS for all external links to ensure integrity. Update the `homepage` URL to use `https://` if the server supports it, or remove the field if an HTTPS version is not available. | LLM | package.json:5 |
Scan History
Embed Code
[](https://skillshield.io/report/19cd7a2c18a27610)
Powered by SkillShield