Trust Assessment
postproxy received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input, Potential Data Exfiltration via unsanitized user input, and Potential Credential Harvesting of POSTPROXY_API_KEY.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via unsanitized user input.** The skill declares 'Bash' permissions in its manifest and the `SKILL.md` includes a '$ARGUMENTS' placeholder, indicating that user input will be directly interpolated into a shell command. If this input is not properly sanitized, an attacker can inject arbitrary shell commands, leading to full system compromise. Implement robust input sanitization and validation for all user-provided arguments before constructing and executing shell commands. Avoid direct interpolation of raw user input into shell commands. Consider using a safer method for passing arguments to `curl` (e.g., `--data-urlencode` for specific parameters, or constructing the command with a library that handles escaping) or strictly limiting the allowed arguments. | LLM | SKILL.md:60 |
| CRITICAL | **Potential Data Exfiltration via unsanitized user input.** With 'Bash' permissions and direct interpolation of '$ARGUMENTS' into `curl` commands, a malicious user could craft input to exfiltrate sensitive files (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) or environment variables to an external server. The `curl` examples already demonstrate the capability to read local files (`-F "media[]=@/path/to/image.jpg"`), highlighting this risk. Rigorously sanitize and validate all user input. Restrict file access to only necessary paths if file uploads are required, and ensure that the `curl` command cannot be manipulated to read arbitrary files or send data to arbitrary external endpoints. Implement a strict allowlist for `curl` options and arguments. | LLM | SKILL.md:60 |
| HIGH | **Potential Credential Harvesting of POSTPROXY_API_KEY.** The skill uses the `POSTPROXY_API_KEY` environment variable in its `curl` commands. If '$ARGUMENTS' is vulnerable to command injection or data exfiltration, an attacker could craft input to read and exfiltrate the `POSTPROXY_API_KEY` or other sensitive environment variables to an external server. Ensure that the `POSTPROXY_API_KEY` is never directly exposed to user-controlled input or output. Implement strict sanitization for '$ARGUMENTS' to prevent its use in exfiltrating environment variables. Consider using a more secure method for handling API keys that doesn't rely on direct shell interpolation, or ensure the shell execution environment is highly constrained. | LLM | SKILL.md:60 |