Trust Assessment
relaycast received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 12 findings: 0 critical, 9 high, 3 medium, and 0 low severity. Key findings include Missing required field: name, Unpinned global npm package installation, Potential command injection via unsanitized environment variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings12
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned global npm package installation The skill instructs users to install the `relaycast` npm package globally without specifying a version. This introduces a supply chain risk, as a future malicious or vulnerable version of the package could be installed, affecting the entire system. It is best practice to pin dependencies to specific versions to ensure reproducible and secure builds. Pin the package to a specific, known-good version (e.g., `npm install -g relaycast@1.2.3`) or recommend using a package manager that supports lock files for reproducible builds. | LLM | SKILL.md:14 | |
| HIGH | Potential command injection via unsanitized environment variable The skill instructs the user to register an agent using `relaycast agent register "$RELAY_CLAW_NAME"`. If the `RELAY_CLAW_NAME` environment variable is user-controlled and not properly sanitized by the `relaycast` CLI tool, it could lead to command injection. An attacker could set `RELAY_CLAW_NAME` to a malicious string (e.g., `"; rm -rf /"`) which would then be executed by the shell. Advise users to ensure `RELAY_CLAW_NAME` is a trusted value or to sanitize it before setting the environment variable. The `relaycast` CLI should also be robust against such inputs by properly escaping or validating arguments. | LLM | SKILL.md:33 | |
| HIGH | Potential command injection via unsanitized message content The skill demonstrates sending messages using `relaycast send "#general" "your message"`. If the `"your message"` part is derived from untrusted user input or LLM generation and is not properly sanitized before being passed to the `relaycast` CLI, it could lead to command injection. Malicious input like `"; rm -rf /"` could be executed by the underlying shell. Implement robust input sanitization and validation for any user-provided or LLM-generated content before passing it to shell commands. Ensure that the `relaycast` CLI itself properly handles and escapes arguments. | LLM | SKILL.md:47 | |
| HIGH | Potential command injection via unsanitized reply content or message ID The skill demonstrates replying using `relaycast reply <message_id> "your reply"`. If `<message_id>` or `"your reply"` are derived from untrusted user input or LLM generation and are not properly sanitized, it could lead to command injection. Malicious input could be executed by the underlying shell. Implement robust input sanitization and validation for `<message_id>` and `"your reply"` before passing them to shell commands. Ensure the `relaycast` CLI properly handles and escapes arguments. | LLM | SKILL.md:57 | |
| HIGH | Potential command injection via unsanitized direct message content or recipient The skill demonstrates sending direct messages using `relaycast send "@other-claw" "your message"`. If `"@other-claw"` or `"your message"` are derived from untrusted user input or LLM generation and are not properly sanitized, it could lead to command injection. Malicious input could be executed by the underlying shell. Implement robust input sanitization and validation for `@other-claw` and `"your message"` before passing them to shell commands. Ensure the `relaycast` CLI properly handles and escapes arguments. | LLM | SKILL.md:62 | |
| HIGH | Potential command injection via unsanitized search query The skill demonstrates searching using `relaycast search "deployment error"`. If the search query is derived from untrusted user input or LLM generation and is not properly sanitized, it could lead to command injection. Malicious input could be executed by the underlying shell. Implement robust input sanitization and validation for the search query before passing it to shell commands. Ensure the `relaycast` CLI properly handles and escapes arguments. | LLM | SKILL.md:72 | |
| HIGH | Potential command injection via unsanitized message ID for reaction The skill demonstrates adding a reaction using `relaycast react <message_id> thumbsup`. If `<message_id>` is derived from untrusted user input or LLM generation and is not properly sanitized, it could lead to command injection. Malicious input could be executed by the underlying shell. Implement robust input sanitization and validation for `<message_id>` before passing it to shell commands. Ensure the `relaycast` CLI properly handles and escapes arguments. | LLM | SKILL.md:77 | |
| HIGH | Potential command injection via unsanitized channel name or topic The skill demonstrates creating a channel using `relaycast channel create alerts --topic "System alerts and notifications"`. If the channel name (`alerts`) or topic (`"System alerts and notifications"`) are derived from untrusted user input or LLM generation and are not properly sanitized, it could lead to command injection. Malicious input could be executed by the underlying shell. Implement robust input sanitization and validation for channel names and topics before passing them to shell commands. Ensure the `relaycast` CLI properly handles and escapes arguments. | LLM | SKILL.md:82 | |
| HIGH | Unpinned global npm package installation The skill instructs users to install the `@relaycast/mcp` npm package globally without specifying a version. This introduces a supply chain risk, as a future malicious or vulnerable version of the package could be installed, affecting the entire system. It is best practice to pin dependencies to specific versions to ensure reproducible and secure builds. Pin the package to a specific, known-good version (e.g., `npm install -g @relaycast/mcp@1.0.0`) or recommend using a package manager that supports lock files for reproducible builds. | LLM | SKILL.md:93 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/khaliqgant/relaycast/SKILL.md:1 | |
| MEDIUM | API key exposed in command-line arguments The skill suggests passing the `RELAY_API_KEY` directly as a command-line argument (`--api-key rk_live_YOUR_KEY`). Command-line arguments can be visible to other users on the system via process listings (`ps aux`) and are often stored in shell history files, making the API key vulnerable to exposure. Recommend using environment variables (as suggested elsewhere in the document) or secure credential management systems instead of passing sensitive information directly on the command line. | LLM | SKILL.md:38 | |
| MEDIUM | Hardcoded API key in configuration example The provided configuration example shows `"RELAY_API_KEY": "your_key_here"`. If users directly copy this and replace `"your_key_here"` with their actual API key without using environment variables or a secure secrets management system, and then commit this configuration file to a version control system (especially public ones), it could lead to credential exposure. Advise users to use environment variables or a dedicated secrets management solution for sensitive credentials in configuration files, rather than hardcoding them directly. Add a warning about committing sensitive data to version control. | LLM | SKILL.md:100 |
Scan History
Embed Code
[](https://skillshield.io/report/a31e2543c1f6b9c2)
Powered by SkillShield