Trust Assessment
rue-chialisp received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 5 high, 1 medium, and 1 low severity. Key findings include arbitrary command execution; remote code execution (curl/wget output piped to a shell); and sensitive environment variable access ($HOME).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 23/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/koba42corp/rue-chialisp/scripts/rue-check.sh:38 |
| CRITICAL | Arbitrary command execution. Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/koba42corp/rue-chialisp/scripts/rue-check.sh:62 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/koba42corp/rue-chialisp/scripts/rue-check.sh:38 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/koba42corp/rue-chialisp/scripts/rue-check.sh:62 |
| HIGH | Command injection via unsanitized arguments in the `brun` command. The `brun` command, used for simulating CLVM execution, directly interpolates its arguments. If the CLVM solution arguments (e.g., `(arg1 arg2 arg3)`) are constructed from untrusted user input without proper sanitization, a malicious user could inject arbitrary CLVM code or shell metacharacters, leading to command injection. The skill's description implies natural language input will be mapped to puzzle logic, which could include these arguments. Ensure all arguments passed to `brun` that originate from user input are strictly validated and sanitized to prevent injection of malicious CLVM code or shell metacharacters. Consider using a safer method for passing arguments or escaping them appropriately. | LLM | SKILL.md:109 |
| HIGH | Command injection in scripts/compile_puzzle.sh. The `scripts/compile_puzzle.sh` script takes a filename as its first argument (`$file`) and directly interpolates it into the `rue build` command. If the AI agent constructs this filename from untrusted user input, a malicious user could inject shell metacharacters (e.g., `'; rm -rf /'`) into the filename, leading to arbitrary command execution. Sanitize the `$file` variable to prevent shell metacharacter injection. Use `printf '%q'` or similar shell quoting mechanisms, or strictly validate the input to ensure it is a safe filename before passing it to `rue build`. | LLM | scripts/compile_puzzle.sh:10 |
| HIGH | Command injection / path traversal in scripts/rue-init.sh. The `scripts/rue-init.sh` script takes a project name as its first argument (`$PROJECT`) and directly uses it in `mkdir -p "$PROJECT"` and `cd "$PROJECT"`. If the AI agent constructs this project name from untrusted user input, a malicious user could inject path traversal sequences (e.g., `../`) to create directories or change the current directory outside the intended scope, or inject shell metacharacters for command execution. Strictly validate and sanitize the `$PROJECT` variable to ensure it contains only safe characters and does not include path traversal sequences or shell metacharacters. Consider using a whitelist of allowed characters for project names. | LLM | scripts/rue-init.sh:7 |
| HIGH | Command injection / path traversal in scripts/rue-new.sh. The `scripts/rue-new.sh` script takes puzzle type, name (`$NAME`), and an optional puzzles directory (`$PUZZLES_DIR`). These variables are directly used in `mkdir -p "$PUZZLES_DIR"` and `cat > "$PUZZLES_DIR/$NAME.rue"`. If the AI agent constructs `$PUZZLES_DIR` or `$NAME` from untrusted user input, a malicious user could inject path traversal sequences (e.g., `../`) to create files or directories outside the intended scope, or inject shell metacharacters for command execution. Strictly validate and sanitize the `$PUZZLES_DIR` and `$NAME` variables to ensure they contain only safe characters and do not include path traversal sequences or shell metacharacters. Enforce a strict directory structure and filename conventions. | LLM | scripts/rue-new.sh:10 |
| HIGH | Command injection in scripts/test_puzzle.sh. The `scripts/test_puzzle.sh` script takes a file path as its first argument (`$file`) and directly interpolates it into the `cargo test --manifest-path="$file"` command. If the AI agent constructs this path from untrusted user input, a malicious user could inject shell metacharacters or point to a malicious `Cargo.toml` file outside the intended project directory, leading to arbitrary command execution or loading of malicious Rust code. Sanitize the `$file` variable to prevent shell metacharacter injection and path traversal. Ensure the `--manifest-path` always points to a trusted `Cargo.toml` within the expected project structure, or strictly validate the input path. | LLM | scripts/test_puzzle.sh:10 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to the sensitive environment variable `$HOME` detected in a shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/koba42corp/rue-chialisp/scripts/rue-check.sh:63 |
| LOW | Supply chain risk from `curl \| sh` installation. The `scripts/rue-check.sh` script uses `curl --proto '=https' ... \| sh` to install the Rust toolchain. While this is a common and officially recommended method for Rust installation, it represents a supply chain risk. If the content served by `sh.rustup.rs` were compromised, arbitrary code could be executed on the system where the skill is run during the installation process. For production environments or high-security contexts, consider using pre-built packages, containerized environments, or auditing the script content before execution to mitigate the risk associated with piping untrusted content directly to a shell. Alternatively, ensure robust monitoring for changes to the `sh.rustup.rs` domain. | LLM | scripts/rue-check.sh:49 |
Full report: https://skillshield.io/report/b1e89c4588904dc3 (powered by SkillShield)