Trust Assessment
school-finder received a trust score of 24/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 0 medium, and 1 low severity. Key findings include File read + network send exfiltration, Sensitive path access: AI agent config, Command Injection via unescaped shell parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/barneyjm/school-finder/SKILL.md:41 | |
| CRITICAL | Command Injection via unescaped shell parameters The `scripts/school-finder.sh` script constructs a `curl` command using user-provided JSON input. While the `query` parameter is correctly URL-encoded using `jq ... | @uri`, other parameters such as `lat`, `lon`, `radius`, and `limit` are extracted using `jq -r` and directly concatenated into the `QUERY_STRING` without further shell escaping. An attacker can inject shell metacharacters (e.g., `;`, `&`, `|`, `` ` ``) into these parameters within the input JSON, leading to arbitrary command execution on the host system when the `curl` command is executed. All user-controlled variables that are concatenated into a shell command string must be properly escaped for the shell. For URL parameters, they should be URL-encoded. Modify the `build_query_string` function to URL-encode `lat`, `lon`, `radius`, and `limit` using `jq -rn --arg v "$value" '$v|@uri'` before appending them to the `params` string, similar to how the `query` parameter is handled. | LLM | scripts/school-finder.sh:49 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/barneyjm/school-finder/SKILL.md:41 | |
| LOW | Unpinned dependency version for clawhub The installation instructions for `clawhub` use `@latest` (e.g., `npx clawhub@latest install school-finder`). While convenient, this means the exact version of `clawhub` is not pinned. Future updates to `clawhub` could introduce breaking changes or, in a worst-case scenario, malicious code, without explicit user consent or review of the specific version. Pin `clawhub` to a specific, known-good version (e.g., `npx clawhub@1.2.3 install school-finder`) to ensure reproducibility and mitigate risks from unexpected updates. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/3b7ecee7335062bd)
Powered by SkillShield