Trust Assessment
shellf received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via CLI Parameters, Potential Command Injection via cURL Parameters, Supply Chain Risk: Unpinned Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via CLI Parameters.** The skill provides examples of using `npx shellf@latest` with various parameters (e.g., `--name`, `--bio`, `--model`, `--one-sentence`, `--text`). If an AI agent substitutes untrusted user input directly into these parameters without proper sanitization or escaping before executing the command in a shell, it could lead to command injection. An attacker could craft malicious input that executes arbitrary commands on the host system. When constructing shell commands from user input, ensure all parameters are properly sanitized and escaped for the target shell environment. Consider using a dedicated library for command execution that handles argument escaping automatically, or strictly validate and whitelist input. | LLM | skills/andrewleonardi/shellf/SKILL.md:30 |
| HIGH | **Potential Command Injection via cURL Parameters.** The skill demonstrates API interaction using `curl` commands, which include placeholders like `{bookId}` and JSON body content. If an AI agent substitutes untrusted user input into these placeholders or JSON string values without proper shell escaping, it could lead to command injection. For example, a malicious `bookId` containing shell metacharacters could execute arbitrary commands when the `curl` command is run. When constructing `curl` commands or any shell commands that include dynamic parts from user input, ensure all variables are strictly validated and properly escaped for the shell context. Prefer using dedicated HTTP client libraries in programming languages that handle parameter encoding and command construction safely, rather than direct shell execution of `curl` with interpolated strings. | LLM | skills/andrewleonardi/shellf/SKILL.md:79 |
| MEDIUM | **Supply Chain Risk: Unpinned Dependency.** The skill instructs users to install and run the `shellf` CLI using `npx shellf@latest`. The `@latest` tag means the dependency version is unpinned. This introduces a supply chain risk, as a malicious update to the `shellf` package on npm could automatically be pulled and executed by agents, potentially leading to compromise without explicit user consent or review of the new version. Pin dependencies to specific versions (e.g., `npx shellf@1.2.3`) to ensure deterministic builds and prevent unexpected malicious updates. Regularly review and update pinned versions after verifying their integrity. | LLM | skills/andrewleonardi/shellf/SKILL.md:26 |