Trust Assessment
ralph-evolver received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 21 findings: 15 critical, 4 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings21
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:10 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:32 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:48 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:78 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:261 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:299 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:316 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:344 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:387 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:590 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:611 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:635 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:661 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:679 | |
| CRITICAL | Prompt Injection via User-Provided Task Description The 'task' argument, which is directly controlled by the user via command-line input ('--task <desc>'), is embedded verbatim into the 'evolutionPrompt' that is then sent to the LLM. This allows an attacker to inject arbitrary instructions or malicious prompts into the LLM, potentially overriding its system instructions or extracting sensitive information. Implement robust sanitization or a strict allow-list for the 'task' content before embedding it into the LLM prompt. Treat 'task' as user input to the LLM, not as an instruction to the LLM itself. Consider using a separate, dedicated input field for user instructions that is processed differently from general task descriptions. | LLM | evolve.js:600 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:384 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/hsssgdtc/ralph-evolver/evolve.js:607 | |
| HIGH | Command Injection via Untrusted Project Build/Test/Lint Scripts The skill executes various build, test, and lint commands (e.g., 'npm run build', 'npm test', 'pip install bandit', 'eslint .') within a user-controlled 'projectPath'. An attacker can provide a 'projectPath' to a malicious repository containing a 'package.json' with arbitrary commands in its 'scripts' section, or other configuration files (e.g., 'Makefile', 'setup.py', '.eslintrc.js') that, when executed, lead to arbitrary code execution on the host system. The 'cwd' for these commands is set to the untrusted 'projectPath'. Implement strict sandboxing for command execution, or disallow execution of arbitrary project scripts. If execution is necessary, parse and execute only known safe commands/scripts, or run them in a highly isolated environment with minimal privileges. Validate and sanitize 'projectPath' to prevent pointing to sensitive system directories. | LLM | evolve.js:204 | |
| HIGH | Data Exfiltration via Reading Untrusted Project Files The 'generateEvolutionPrompt' function reads arbitrary files from the user-controlled 'projectPath' (via 'getProjectFiles' and 'fs.readFileSync') and includes their content in the 'evolutionPrompt'. If an attacker sets 'projectPath' to a sensitive system directory (e.g., '/etc', '/root'), this could lead to the exfiltration of sensitive files to the LLM or to standard output if the '--spawn' flag is used. While 'ignorePatterns' and size limits exist, they may not be exhaustive for all sensitive files. Strictly limit the 'projectPath' to a dedicated, isolated sandbox environment. Enhance 'ignorePatterns' to be more comprehensive for sensitive system files. Implement redaction or anonymization of potentially sensitive information within file contents before including them in the prompt. Ensure the skill runs with minimal necessary file system permissions. | LLM | evolve.js:490 | |
| MEDIUM | Unpinned npm dependency version Dependency 'vitest' is not pinned to an exact version ('^1.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/hsssgdtc/ralph-evolver/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/hsssgdtc/ralph-evolver/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/f2c34da08785d524)
Powered by SkillShield