Trust Assessment
registry-broker received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 11 critical, 1 high, 1 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings15
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:120 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:121 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:124 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:125 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:155 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:156 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:183 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:184 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:188 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:189 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kantorcodes/registry-broker/scripts/index.ts:191 | |
| HIGH | Potential Command Injection via Unquoted User Input The skill instructs the host LLM to execute shell commands (`npx tsx scripts/index.ts ...`) with user-provided arguments (e.g., `<query>`, `<uaid>`, `<sessionId>`, `<msg>`, `<profileJson>`). If the host LLM does not properly quote or escape these user-controlled arguments when constructing the shell command, an attacker could inject arbitrary shell commands. For example, providing `"; rm -rf /; echo "` as a query could lead to arbitrary code execution on the host system. The host LLM must ensure all user-provided arguments passed to `npx tsx scripts/index.ts` are properly quoted and escaped for the shell environment. For example, using `shlex.quote` in Python or similar functions in other languages. | LLM | SKILL.md:26 | |
| MEDIUM | Unpinned npm dependency version Dependency 'dotenv' is not pinned to an exact version ('^16.4.5'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/kantorcodes/registry-broker/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/kantorcodes/registry-broker/package.json | |
| INFO | Loose Dependency Versioning The `package.json` uses caret (`^`) version ranges for its dependencies (`dotenv`, `tsx`, `typescript`, `@types/node`). While common, this allows for automatic updates to new minor or patch versions, which could potentially introduce vulnerabilities or breaking changes without explicit review. For security-sensitive applications, pinning to exact versions is generally recommended. Pin all dependencies to exact versions (e.g., `"dotenv": "16.4.5"`) to ensure deterministic builds and prevent unexpected changes from upstream packages. Ensure a lock file (`package-lock.json`) is used and committed to further guarantee dependency consistency. | LLM | package.json:17 |
Scan History
Embed Code
[](https://skillshield.io/report/515a14bebc4feec1)
Powered by SkillShield