Trust Assessment
product-changelog received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Arbitrary command execution", "Remote code execution: curl/wget pipe to shell", and "Skill attempts arbitrary shell execution beyond declared permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/okaris/product-changelog/SKILL.md:9 |
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/okaris/product-changelog/SKILL.md:9 |
| CRITICAL | **Skill attempts arbitrary shell execution beyond declared permissions.** The skill's manifest declares `Bash(infsh *)`, allowing only `infsh` commands via Bash. However, the skill attempts to execute `curl -fsSL https://cli.inference.sh \| sh`, which involves piping the output of `curl` directly to `sh`. This is an arbitrary shell command execution that bypasses the `infsh *` restriction, allowing the skill to run any command. The declared permission `Bash(infsh *)` should be strictly enforced. If `curl \| sh` is truly necessary for installation, the permission should be broadened to `Bash(*)` or `Bash(curl, sh, infsh)`. Alternatively, provide a safer installation method that doesn't involve piping to `sh`. | LLM | SKILL.md:10 |
| CRITICAL | **Skill attempts arbitrary command execution via npx beyond declared permissions.** The skill's manifest declares `Bash(infsh *)`, allowing only `infsh` commands via Bash. However, the skill attempts to execute `npx skills add ...` commands. `npx` is a Node.js package runner and is not an `infsh` command. This constitutes an attempt to execute arbitrary commands outside the scope of the declared permissions. The declared permission `Bash(infsh *)` should be strictly enforced. If `npx` is truly necessary, the permission should be broadened to `Bash(*)` or `Bash(npx, infsh)`. | LLM | SKILL.md:176 |
| HIGH | **Unverified script execution from remote URL.** The skill suggests installing a CLI tool by piping the output of `curl` directly to `sh`. This method executes code downloaded from `https://cli.inference.sh` without any integrity verification (e.g., checksums, GPG signatures). A compromise of `inference.sh`'s server or a man-in-the-middle attack could lead to the execution of arbitrary malicious code on the host system. Recommend a safer installation method, such as downloading a signed package, using a package manager, or at least verifying a checksum of the downloaded script before execution. | LLM | SKILL.md:10 |
| MEDIUM | **Unpinned package execution via npx.** The skill suggests using `npx skills add inferencesh/skills@ai-image-generation` and `npx skills add inferencesh/skills@prompt-engineering`. By not specifying a version (e.g., `@1.2.3`), `npx` will fetch and execute the latest available version. This introduces a supply chain risk where a malicious update to the `inferencesh/skills` package (or a typosquatted package) could be automatically executed without review. Always pin package versions when using `npx` or similar tools (e.g., `npx skills add inferencesh/skills@ai-image-generation@1.0.0`) to mitigate risks from malicious or breaking updates. | LLM | SKILL.md:176 |