Trust Assessment
quantum-lab received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Arbitrary command execution via user-controlled arguments to qexec.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution via user-controlled arguments to qexec.sh The `scripts/qexec.sh` script uses `exec "$@"` to execute its arguments directly. The `SKILL.md` instructs the LLM to expand user input like `gl <args>` or `ql <args>` to `bash <SKILL_DIR>/scripts/gl <args>` or `bash <SKILL_DIR>/scripts/ql <args>` respectively. Given that `gl` and `ql` are not provided and `qexec.sh` is the only shell script, it is highly probable that `gl` and `ql` are either symlinks to `qexec.sh` or simple wrappers that pass arguments through. This design allows an attacker to inject and execute arbitrary shell commands on the host system with the privileges of the agent. For example, a user input of `gl rm -rf /` would lead to `rm -rf /` being executed. The `qexec.sh` script should not directly execute arbitrary user input. Instead, it must implement a strict whitelist of allowed commands and arguments. If `gl` and `ql` are separate scripts, they must perform robust input validation and sanitization before calling `qexec.sh`. The LLM should also be explicitly instructed to only pass whitelisted commands and arguments, not arbitrary user input. | LLM | scripts/qexec.sh:27 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/bramdo/quantum-lab/SKILL.md:35 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/bramdo/quantum-lab/scripts/qexec.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/657cdd77a455138a)
Powered by SkillShield