Trust Assessment
skill-porter received a trust score of 40/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 3 medium, and 1 low severity. Key findings include "Dangerous tool allowed: Bash", "Unpinned npm dependency version", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Dangerous tool allowed: Bash.** The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | skills/0xnagato/skill-porter/SKILL.md:1 |
| HIGH | **Excessive Permissions: Bash Access.** The skill declares 'Bash' permission, granting it the ability to execute arbitrary shell commands. While the skill's functionality (Git operations, GitHub CLI interactions) may require command execution, granting raw 'Bash' access is overly broad and bypasses more granular security controls. This allows the skill to perform any action the underlying system user can, including reading/writing any files, network requests, or system modifications. Restrict permissions to the absolute minimum required. If shell execution is necessary, use specific, sandboxed tools or functions instead of raw 'Bash' access. If 'Bash' is unavoidable, ensure all inputs to shell commands are rigorously sanitized and validated. | LLM | SKILL.md:30 |
| HIGH | **Potential Command Injection via Untrusted Input.** The skill describes performing 'Git operations' and 'GitHub CLI (`gh`) for repository operations', which inherently involve executing shell commands. With the declared 'Bash' permission, if user-provided input (e.g., file paths, repository names, branch names from 'Example requests') is directly interpolated into these shell commands without proper sanitization, it could lead to command injection. An attacker could craft malicious input to execute arbitrary commands on the host system. Implement strict input validation and sanitization for all user-provided data used in shell commands. Prefer using libraries or APIs that abstract shell execution and handle argument escaping safely. Avoid direct string concatenation for constructing shell commands. | LLM | SKILL.md:197 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'js-yaml' is not pinned to an exact version ('^4.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/0xnagato/skill-porter/package.json |
| MEDIUM | **Potential Data Exfiltration via Git Operations.** The skill's features 'Pull Request Generation' and 'Fork and Dual Setup' involve pushing content to remote Git repositories. The skill also processes 'Environment variables' and 'MCP server configuration paths', which can contain sensitive data. If these sensitive data points are inadvertently included in the content pushed to a public or unauthorized remote repository during a PR or fork operation, it could lead to data exfiltration. Carefully review and filter all data before pushing to remote repositories. Ensure that environment variables, MCP configurations, or any other potentially sensitive information are not included in public PRs or forks unless explicitly intended and secured. Implement mechanisms to redact or exclude sensitive files/data from Git operations. | LLM | SKILL.md:160 |
| MEDIUM | **Potential Credential Exposure via Configuration Processing.** The skill processes 'Environment variables' and 'MCP server configuration paths', which are common locations for storing API keys, tokens, and other secrets. If these credentials are not handled securely (e.g., by being logged, included in error reports, or pushed to remote repositories during 'Pull Request Generation' or 'Fork and Dual Setup'), they could be exposed. The skill's description of converting environment variables to settings further highlights its interaction with potentially sensitive configuration. Ensure that credentials processed by the skill are never logged, printed, or included in any output that could be publicly accessible. Implement secure handling for secrets, such as redacting them from logs and ensuring they are not committed to version control or included in PRs/forks without explicit user consent and robust encryption. | LLM | SKILL.md:89 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/0xnagato/skill-porter/package.json |