Trust Assessment
seo-autopilot received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Dangerous tool allowed: exec, Broad 'exec' permission declared, Reliance on unspecified external binary 'seo-autopilot'.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Dangerous tool allowed: exec The skill allows the 'exec' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | skills/adamhjort/seo-autopilot/SKILL.md:1 | |
| MEDIUM | Reliance on unspecified external binary 'seo-autopilot' The `scripts/run.sh` script executes an external binary named `seo-autopilot`. The source, integrity, and behavior of this binary are not provided within the skill package context. This introduces a supply chain risk, as a compromised or malicious `seo-autopilot` binary could lead to unintended actions or data exfiltration, even if the skill's input validation for its arguments is robust. Provide the source code or a verifiable hash for the `seo-autopilot` binary, or ensure it is installed from a trusted, controlled environment. Document the expected behavior and security posture of this external dependency. | LLM | scripts/run.sh:9 | |
| INFO | Broad 'exec' permission declared The skill declares the 'exec' tool, which grants the ability to execute arbitrary shell commands. While the current implementation in `scripts/run.sh` uses strict input validation (whitelisting `SITE` variable) to prevent command injection, the declaration of 'exec' itself is a powerful permission. Any future changes to the script or how arguments are handled could reintroduce command injection vulnerabilities if not carefully managed. Ensure all commands executed via 'exec' are either hardcoded or use strictly validated and quoted arguments. Consider if a more granular tool (if available) could achieve the same functionality with less risk. Document the security implications of 'exec' for future maintainers. | LLM | Manifest |
Scan History
Embed Code
[](https://skillshield.io/report/b19a3de3e2464e59)
Powered by SkillShield