Trust Assessment
relayplane received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 6 critical, 2 high, 0 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, arbitrary command execution, and unsafe deserialization / dynamic eval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | HTTP request to raw IP address | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/relayplane/relayplane/relayplane.js:12 |
| CRITICAL | Arbitrary command execution | Node.js child_process require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/relayplane/relayplane/relayplane.js:10 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/relayplane/relayplane/relayplane.js:18 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/relayplane/relayplane/relayplane.js:28 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/relayplane/relayplane/relayplane.js:37 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/relayplane/relayplane/relayplane.js:49 |
| HIGH | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/relayplane/relayplane/relayplane.js:6 |
| HIGH | Unpinned global package installation | The skill instructs users to install a global npm package (`@relayplane/proxy`) without specifying a version. This means that `npm install -g @relayplane/proxy` will always fetch the latest available version. If a malicious update is published to the `@relayplane/proxy` package on npm, users following these instructions could unknowingly install compromised software, leading to arbitrary code execution, data exfiltration, or other severe security breaches. | Pin the package version in the installation instructions. For example, if the skill is designed to work with version `3.0.0` (as indicated in the manifest), the instruction should be `npm install -g @relayplane/proxy@3.0.0`. This ensures that users install a known, tested version and are not automatically exposed to potentially malicious future updates. | LLM | SKILL.md:14 |