Trust Assessment
python-executor received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Overly broad Bash tool permission for 'infsh'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Overly broad Bash tool permission for 'infsh' The skill declares `Bash(infsh *)` as an allowed tool in its manifest. This grants permission to execute any `infsh` command with any arguments. While the skill's intended use is `infsh app run infsh/python-executor`, the `*` wildcard allows for execution of other `infsh` subcommands (e.g., `infsh login`, `infsh config`) or potentially malicious argument injection if the `infsh` tool itself has vulnerabilities or unintended features. This violates the principle of least privilege, as the skill is granted more capabilities than strictly necessary for its stated purpose. Restrict the `Bash` permission to only the necessary `infsh` subcommand and arguments. For example, if the skill only needs to run the `python-executor` app, the permission could be narrowed to `Bash(infsh app run infsh/python-executor --input *)`. If more general app execution is needed, `Bash(infsh app run *)` would be more secure than `Bash(infsh *)`. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/b4ed0f0877b74ebb)
Powered by SkillShield