Trust Assessment
seede received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Command Injection via unvalidated file path in 'upload', Data Exfiltration via 'upload' command injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unvalidated file path in 'upload'.** The `upload` command in `scripts/seede.sh` directly uses user-supplied input (`$2`, representing `file_path`) in shell commands `file --mime-type -b "$2"` and `base64 -i "$2"` without proper sanitization or escaping. An attacker can inject arbitrary shell commands by providing a specially crafted `file_path` containing shell metacharacters (e.g., `;`, `\|`, `$(...)`). This allows for arbitrary code execution on the host system. Sanitize or escape user-provided file paths before passing them to shell commands. For `file` and `base64`, ensure the input is a valid, safe file path. Consider using a programming language's built-in functions for file operations and base64 encoding instead of shelling out, or strictly validate the input against a whitelist of allowed characters/patterns. | LLM | scripts/seede.sh:90 |
| HIGH | **Data Exfiltration via 'upload' command injection.** Leveraging the command injection vulnerability in the `upload` command, an attacker can specify a sensitive file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, or other local files) to be read, base64 encoded, and then sent to the Seede API as part of the asset upload. This allows for exfiltration of arbitrary files accessible to the script's execution context. Implement robust input validation and sanitization for file paths to prevent command injection. Ensure that only intended files can be uploaded and that the content of sensitive files cannot be read and transmitted. If file uploads are necessary, restrict them to specific directories or file types and use secure file handling practices. | LLM | scripts/seede.sh:90 |
| MEDIUM | **JSON Injection in 'create' command payload.** The `create` command constructs a JSON payload for the `curl` request using `$NAME` and `$PROMPT` directly from user input without proper JSON escaping. If `$NAME` or `$PROMPT` contain unescaped double quotes (`"`) or backslashes (`\`), they can break the JSON structure, leading to invalid requests or allowing an attacker to inject arbitrary JSON fields into the payload. This could manipulate the API request in unintended ways or cause server-side errors. Before embedding user-supplied strings (`$NAME`, `$PROMPT`) into a JSON payload, ensure they are properly JSON-escaped. This typically involves escaping double quotes, backslashes, and control characters. A robust JSON library or a dedicated escaping function should be used for this purpose. | LLM | scripts/seede.sh:50 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/hilongjw/seede-design/package.json |