Trust Assessment
project-scaffolder received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Missing required field: name, Potential Command Injection via User-Provided Project Name/Directory, Broad Filesystem and Shell Execution Permissions Required.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via User-Provided Project Name/Directory The skill instructs the host LLM to solicit user input for project names and target directories (SKILL.md, line 17). The provided shell command templates (e.g., `npx create-next-app@latest my-app ...`, `mkdir my-api ...`, `go mod init github.com/user/my-cli`) use placeholders that are intended to be replaced by user input. If the LLM directly interpolates unsanitized user input into these shell commands, a malicious user could inject arbitrary shell commands (e.g., `my-app; rm -rf /`), leading to remote code execution, data exfiltration, or system compromise. The host LLM must implement robust input sanitization and validation for all user-provided strings (project name, directory, etc.) before incorporating them into shell commands. Arguments should be passed as distinct parameters to a subprocess call rather than concatenated into a single shell string, or a dedicated shell escaping library should be used to neutralize special characters. | LLM | SKILL.md:24 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/project-scaffolder/SKILL.md:1 | |
| LOW | Broad Filesystem and Shell Execution Permissions Required The skill's core functionality involves creating directories, initializing version control, and installing dependencies, which inherently requires broad filesystem write access and the ability to execute arbitrary shell commands. While necessary for the skill's intended purpose of project scaffolding, this broad access significantly increases the potential impact of any command injection vulnerabilities, allowing for severe consequences such as system compromise or data destruction. While these permissions are fundamental to the skill, it is critical to ensure that all user inputs are meticulously sanitized before being used in any shell command to prevent exploitation of this broad access. Consider running such skills in isolated, sandboxed environments with minimal necessary permissions to limit the blast radius of potential exploits. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/5e3e800e078013cb)
Powered by SkillShield