Trust Assessment
process-watch received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned Python Dependencies, High-Privilege Process Termination Capability, Exposure of Process Environment Variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | High-Privilege Process Termination Capability The `process-watch kill` command, as described in `SKILL.md`, provides the ability to terminate any running process by its PID or name, potentially with `--force`. While this is an intended feature of a process management skill, granting an AI agent direct access to such a powerful command without additional safeguards (e.g., explicit user confirmation, a whitelist of allowed processes, or a blacklist of critical processes) poses a significant risk. An attacker could craft a prompt to the LLM to kill critical system processes, leading to denial of service or system instability. Implement stricter access controls for the `kill` command when invoked by an AI agent. This could include requiring explicit user confirmation for critical processes, maintaining a whitelist of processes that can be killed, or a blacklist of processes that cannot be killed by the agent. | LLM | SKILL.md:33 | |
| MEDIUM | Unpinned Python Dependencies The `scripts/process-watch.py` file specifies Python dependencies (`psutil`, `rich`, `typer`) without pinning them to specific versions. This can lead to supply chain vulnerabilities if a new version of a dependency introduces malicious code or breaking changes, or if an attacker performs a typosquatting attack on a package name. Pin all dependencies to exact versions (e.g., `psutil==5.9.0`) to ensure reproducible builds and mitigate risks from unexpected updates or malicious package versions. | LLM | scripts/process-watch.py:3 | |
| MEDIUM | Exposure of Process Environment Variables The `process-watch info <pid>` command, as described in `SKILL.md`, explicitly shows 'environment' variables of the target process. Environment variables can contain sensitive information such as API keys, database credentials, or other secrets. While the skill itself does not exfiltrate this data to an external server, its exposure to the console output, which is then consumed by the LLM, creates a potential data exfiltration vector if the LLM is compromised or if its outputs/logs are not securely handled. Redact potentially sensitive environment variables (e.g., those matching common secret patterns like `API_KEY`, `PASSWORD`, `SECRET`) before printing, or provide an option to suppress environment variable display. Alternatively, require explicit user confirmation or a specific flag to display environment variables, especially when the skill is invoked by an AI agent. | LLM | SKILL.md:25 |
Scan History
Embed Code
[](https://skillshield.io/report/9d6a02b4bbe2c696)
Powered by SkillShield