Trust Assessment
simple-backup received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via unescaped user-controlled variable in grep The `REMOTE_DEST` variable, which can be set by the user via skill configuration or environment variable, is used to derive `REMOTE_NAME`. `REMOTE_NAME` is then used within a `grep -q` command: `rclone listremotes | grep -q "$REMOTE_NAME"`. Although double-quoted, these quotes do not prevent command substitution (e.g., `$(evil_command)`) if present within the variable's value. If a malicious user sets `REMOTE_DEST` to a value like `myremote:$(id)`, the `$(id)` command will be executed by the shell, leading to arbitrary command injection. Avoid using user-controlled variables directly in shell commands where command substitution is possible. Instead of `grep`, consider using `awk` or a dedicated `rclone` command (if available) to check for remote existence. If `grep` must be used, ensure the variable is properly escaped for shell interpretation, or use `grep -F` for fixed string matching and explicitly escape any shell metacharacters in the input if `grep -F` is not sufficient to prevent shell expansion. | LLM | simple-backup.sh:147 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/vacinc/simple-backup/simple-backup.sh:22 | |
| MEDIUM | Unpinned npm dependency version Dependency 'rclone' is not pinned to an exact version ('*'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/vacinc/simple-backup/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/vacinc/simple-backup/package.json | |
| INFO | Unpinned dependencies in package.json The `package.json` file specifies `rclone: "*"` and `gpg: "*"` as dependencies. Using `*` means that any version, including potentially malicious or breaking changes, could be installed without explicit review. While the `SKILL.md` suggests `brew install` and the script uses `command -v` for runtime checks, the `package.json` still declares these unpinned dependencies, which is a general weak practice in software development and could introduce supply chain risks if `npm` were used for installation. Pin dependencies to specific versions (e.g., `"rclone": "1.60.1"`) or use caret/tilde ranges (e.g., `"rclone": "^1.60.1"`) to allow for minor updates while maintaining better control over the installed versions. | LLM | package.json:10 |
Scan History
Embed Code
[](https://skillshield.io/report/15aaa9e761179b53)
Powered by SkillShield