Trust Assessment
skill-maker received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 6 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Command Injection via unsanitized skill name in zip command, Persistent Command Injection in generated skill's trigger.js.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, reflecting the shell-execution findings listed below.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution** (Node.js `child_process` require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/skill-maker/trigger.js:13 |
| CRITICAL | **Arbitrary command execution** (Node.js `child_process` require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/skill-maker/trigger.js:195 |
| CRITICAL | **Arbitrary command execution** (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/skill-maker/trigger.js:200 |
| CRITICAL | **Arbitrary command execution** (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/skills/skill-maker/trigger.js:211 |
| CRITICAL | **Command Injection via unsanitized skill name in zip command.** The `name` variable, which is taken directly from user input, is used without sanitization or escaping in an `execSync` call that creates a zip archive. An attacker can inject shell metacharacters (e.g., `;`, `&&`, `|`, `$()`, `` ` ``) into the skill name to execute arbitrary commands on the host when the skill creation process zips the generated files. Recommendation: sanitize or escape `name` before using it in `execSync`. Safer still, use a Node.js library for zipping instead of an external shell command, or pass arguments to `child_process.spawn` or `child_process.execFile` as an array so they are never interpreted by a shell. | LLM | trigger.js:154 |
| CRITICAL | **Persistent Command Injection in generated skill's trigger.js.** The `script` variable, taken directly from user input during skill creation, is embedded without sanitization into the `execSync` call inside the `trigger.js` generated for the new skill. This creates a persistent command injection vulnerability in every skill created with this tool: when the generated `trigger.js` runs, any shell metacharacters or commands injected into the `script` input are executed on the system. Recommendation: sanitize or escape `mainCmd.script` before embedding it into the generated `trigger.js`. A more robust fix is to have the generated `trigger.js` invoke a specific script file (e.g., `node scripts/main.js`) rather than an arbitrary string, or to pass arguments in a way that prevents shell interpretation (e.g., `child_process.spawn` with an argument array). | LLM | trigger.js:132 |
| HIGH | **Broad filesystem access combined with command injection vulnerabilities.** The skill operates with broad filesystem permissions, including recursive directory deletion (`fs.rmSync`) and creation (`fs.mkdirSync`) within the user's home directory (`process.env.HOME`). These permissions are necessary for the skill's intended function (creating and managing skill directories), but the critical command injection vulnerabilities (SS-LLM-003) let an attacker use them for arbitrary file operations, including deletion of critical system files or exfiltration of sensitive data, well beyond the skill's intended scope. Recommendation: fix the underlying command injection vulnerabilities (SS-LLM-003) first. Additionally, consider stricter access controls or sandboxing where possible to limit the impact of any future vulnerability. | LLM | trigger.js:67 |
Full report: https://skillshield.io/report/ab626e37816e7884 (Powered by SkillShield)