Trust Assessment
safe-exec received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 0 critical, 1 high, 12 medium, and 0 low severity. Key findings include sensitive environment variable access to `$HOME`, `$USER`, and `$GITHUB_USER`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 30/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| HIGH | Unsafe use of 'eval' with user-controlled command | The script `safe-exec-approve.sh` uses `eval "$COMMAND"` to execute commands. While this skill is designed to intercept and approve dangerous commands, `eval` is inherently unsafe when used with input that originates from user-controlled sources (even if approved). If the risk assessment logic in `safe-exec.sh` is flawed or bypassed, a malicious command could be approved and then executed directly by `eval`, leading to arbitrary code execution. Avoid using `eval` for executing user-controlled commands. Instead, consider using a safer method like `bash -c` with proper quoting, or explicitly whitelist commands and arguments. If `eval` is strictly necessary, ensure robust and exhaustive sanitization and validation of the `$COMMAND` variable before it is stored or executed, to prevent any form of shell metacharacter injection or unexpected command chaining. | LLM | scripts/safe-exec-approve.sh:49 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec-ai-wrapper.sh:5 |
| MEDIUM | Sensitive environment variable access: $USER | Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec-ai-wrapper.sh:25 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec-approve.sh:5 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec-list.sh:4 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec-reject.sh:5 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec.sh:5 |
| MEDIUM | Sensitive environment variable access: $USER | Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/scripts/safe-exec.sh:288 |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER | Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/tools/publish-to-github.sh:9 |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER | Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/tools/push-to-github.sh:10 |
| MEDIUM | Sensitive environment variable access: $GITHUB_USER | Access to sensitive environment variable '$GITHUB_USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lucky-2968/safe-exec-0-3-2/tools/release.sh:51 |
| MEDIUM | Unpinned npm dependency version | Dependency 'package-lock.json' is not pinned to an exact version ('^1.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lucky-2968/safe-exec-0-3-2/package.json |
| MEDIUM | Suspicious dependency 'package-lock.json' | The `package.json`, `package-lock.json`, and `pnpm-lock.yaml` files list a dependency named `package-lock.json`. This is highly unusual and likely indicates a misunderstanding of package management or a typosquat. While the current package at this name on npm appears to be benign (an empty package), depending on such a package introduces a supply chain risk. A malicious actor could potentially take over or publish a harmful update to this package, which could then be pulled into the project. Review and remove the `package-lock.json` dependency from `package.json`, `package-lock.json`, and `pnpm-lock.yaml`. Ensure that only legitimate and necessary packages are listed as dependencies to mitigate supply chain risks. | LLM | package.json:3 |