Trust Assessment
secret-rotator received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Missing required field: name, Sensitive path access: SSH key/config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/sa9saq/secret-rotator/SKILL.md:22 | |
| CRITICAL | Potential Command Injection via User-Provided Paths The skill explicitly instructs the host LLM to 'Always ask the user which directories to scan' and then provides example `find` and `ls` shell commands. If the host LLM directly interpolates user-provided directory paths into these commands without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. For instance, providing a path like `foo -exec rm -rf {} \;` could lead to data loss or system compromise. Implement robust input sanitization and escaping for all user-provided arguments used in shell commands. Prefer using safer, language-specific file system APIs over direct shell execution when possible, or ensure commands are executed in a sandboxed environment. If shell execution is necessary, use argument arrays or careful quoting to prevent injection. | LLM | SKILL.md:20 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/config'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/sa9saq/secret-rotator/SKILL.md:22 | |
| HIGH | Risk of Secret Exposure during Post-Rotation Verification Step 4 of the instructions suggests 'Test the new key works (e.g., `curl` a health endpoint with the new key)'. While the skill includes explicit rules against displaying or sending secret values, executing `curl` with an actual API key as part of the command (e.g., in headers or URL parameters) carries a significant risk. If the `curl` command's output (especially verbose output or error messages), execution logs, or history are not meticulously scrubbed, the new key could be inadvertently exposed to the user, logs, or other system components. When executing commands that use secrets, ensure that: 1) Secrets are passed securely (e.g., via environment variables for the command's execution, not directly in the command string). 2) Command output is strictly filtered to remove any secret values before being displayed or logged. 3) Verbose logging for such commands is disabled or redirected to secure, non-user-facing channels. 4) Consider using a dedicated, secure API client library instead of raw `curl` for sensitive operations. | LLM | SKILL.md:48 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/secret-rotator/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/086518ecfd0d130e)
Powered by SkillShield