Trust Assessment
pos-arcology-forge received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 5 critical, 0 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsanitized user input in execSync leads to command injection, Arbitrary directory hashing via `treeHash` function.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kunoiiv/pos-arcology-forge/scripts/pos-share.js:1 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kunoiiv/pos-arcology-forge/scripts/test.js:2 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kunoiiv/pos-arcology-forge/scripts/pos-share.js:12 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kunoiiv/pos-arcology-forge/scripts/test.js:7 | |
| CRITICAL | Unsanitized user input in execSync leads to command injection The `scripts/pos-share.js` script uses `child_process.execSync` to execute a Python script. The `paramsStr` variable, which comes directly from `process.argv[2]` (user-controlled input), is embedded into the shell command string without proper sanitization or escaping. This allows an attacker to inject arbitrary shell commands by crafting the `paramsStr` argument, leading to remote code execution. Use `child_process.spawn` or `child_process.execFile` with arguments passed as an array, rather than embedding user input directly into a shell string. This prevents shell interpretation of the arguments. If `execSync` must be used, ensure `paramsStr` is thoroughly escaped for shell interpretation (e.g., using a dedicated shell escaping library). | LLM | scripts/pos-share.js:10 | |
| MEDIUM | Arbitrary directory hashing via `treeHash` function The `scripts/pos-grind.js` script's `treeHash` function can be invoked on an arbitrary directory path if the script is executed directly with `process.argv[2]` pointing to a directory. This function reads and hashes the contents of all files (up to 10MB each, excluding `node_modules` and `.git`) within the specified directory. The resulting hash is then included in the `share.pos.json` output file. While not direct content exfiltration, this allows an attacker to obtain a cryptographic hash of sensitive directory contents, which could be used for information leakage or to verify the presence/absence of specific files. Restrict the `inputPath` argument to `grind` and `verify` functions to only accept expected file paths (e.g., `.json` files) or explicitly validate that directory paths are within a safe, designated sandbox. Avoid allowing arbitrary directory paths for hashing operations on potentially sensitive system locations. | LLM | scripts/pos-grind.js:30 |
Scan History
Embed Code
[](https://skillshield.io/report/a01ce1114c7065cc)
Powered by SkillShield