Trust Assessment
port-forwarder received a trust score of 22/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Missing required field: name, Sensitive path access: SSH key/config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/port-forwarder/SKILL.md:96 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/port-forwarder/SKILL.md:96 | |
| HIGH | Potential Command Injection via 'kill' command The skill provides an example `kill <PID>` command. If the LLM is designed to execute this command and allows user-controlled input for `<PID>`, an attacker could inject arbitrary process IDs, leading to termination of critical system processes or other malicious actions within the LLM's execution environment. Implement strict input validation and sanitization for any user-provided input intended for shell commands. Avoid directly interpolating user input into `kill` commands. If process termination is required, use a safer API or ensure PIDs are selected from a trusted, pre-defined list. | LLM | SKILL.md:64 | |
| HIGH | Ability to connect to arbitrary remote hosts via SSH The skill demonstrates various `ssh` commands that allow connecting to any specified `user@remote-host`. If the LLM is prompted to execute these commands and allows user-controlled input for the remote host, an attacker could instruct the LLM to establish SSH connections to malicious servers, potentially leading to data exfiltration, command execution on the remote host, or other network-based attacks originating from the LLM's execution environment. Restrict the LLM's ability to connect to arbitrary remote hosts. Implement a whitelist of allowed hosts or require explicit user confirmation for connections to new or untrusted destinations. Ensure that `ssh` commands executed by the LLM operate within a sandboxed environment with minimal network access. | LLM | SKILL.md:19 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/port-forwarder/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4e07e5cee62e0785)
Powered by SkillShield