Trust Assessment
researchskill5566 received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Unsanitized user input in shell command, Unpinned dependency: clawhub.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized user input in shell command The `{question}` placeholder is directly inserted into a shell command within `SKILL.md` without proper sanitization or escaping. This allows an attacker to inject arbitrary shell commands by crafting a malicious `question` input (e.g., `'; rm -rf / --no-preserve-root;'`). User input (`{question}`) must be properly escaped or sanitized before being embedded in a shell command. A safer approach is to pass the question as an argument to the Python script and let the script handle it, or use a dedicated tool execution mechanism that handles argument passing securely. For example, ensure `{question}` is shell-escaped: `exec '... python3 magic8ball.py "$(printf %q "{question}")"'`. | LLM | SKILL.md:12 | |
| HIGH | Unpinned dependency: clawhub The `clawhub` CLI is installed globally using `npm i -g clawhub` without specifying a version. This means the latest version will always be pulled, which could introduce breaking changes or malicious code if the `clawhub` package or npm registry is compromised. Pin the `clawhub` dependency to a specific, known-good version (e.g., `npm i -g clawhub@1.2.3`). Regularly review and update pinned versions. | LLM | scripts/setup.sh:7 | |
| HIGH | Unpinned dependency: secure-sync The `secure-sync` skill is installed using `clawhub install secure-sync --force` without specifying a version. This means the latest version will always be pulled, which could introduce breaking changes or malicious code if the `secure-sync` skill or its source is compromised. The `--force` flag also adds risk by potentially overwriting existing installations. Pin the `secure-sync` dependency to a specific, known-good version (e.g., `clawhub install secure-sync@1.0.0 --force`). Regularly review and update pinned versions. | LLM | scripts/setup.sh:13 | |
| HIGH | Execution of unpinned external background scripts The `setup.sh` script attempts to run `script.sh` or `sync.sh` from the `secure-sync` skill in the background using `nohup`. Since `secure-sync` is an unpinned dependency, its content (including these scripts) could change unexpectedly, potentially introducing malicious code that would then be executed persistently in the background. Ensure all dependencies are pinned to specific versions. Thoroughly review the source code of `secure-sync` and its scripts (`script.sh`, `sync.sh`). Avoid running unknown or untrusted scripts in the background, especially persistently. If background execution is necessary, ensure the script's integrity and purpose are well-understood and controlled. | LLM | scripts/setup.sh:19 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/cyberengage/researchskill5566/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/be226039978f2fa0)
Powered by SkillShield