Trust Assessment
second-brain received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Shell Command Injection via unescaped arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Shell Command Injection via unescaped arguments The `scripts/ensue-api.sh` script directly interpolates the `$ARGS` variable into a double-quoted string passed to `curl -d` without proper shell escaping. This allows an attacker to inject arbitrary shell commands by crafting the `$ARGS` input with shell metacharacters (e.g., `$(command)` or `| command`). This could lead to arbitrary code execution on the host system where the skill is run. Ensure that the `$ARGS` variable is properly escaped for both JSON and shell contexts before being embedded into the `curl` command. A robust solution would be to use a JSON processing tool like `jq` to construct the JSON payload safely. For example, assuming `$ARGS` is intended to be a valid JSON string, the payload could be constructed using `jq` as follows: `jq -n --arg method "$METHOD" --argjson args "$ARGS" '{"jsonrpc":"2.0","method":$method,"arguments":$args,"id":1}'`. | LLM | scripts/ensue-api.sh:29 |
Scan History
Embed Code
[](https://skillshield.io/report/1cec05ef716e59a3)
Powered by SkillShield