Trust Assessment
skill-release-manager received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 7 critical, 0 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Unpinned npm dependency version, Command Injection via unescaped user input in execSync calls.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/skill-release-manager/index.js:3 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/skill-release-manager/index.js:49 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/skill-release-manager/index.js:50 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/skill-release-manager/index.js:56 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/skill-release-manager/index.js:62 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/skill-release-manager/index.js:65 | |
| CRITICAL | Command Injection via unescaped user input in execSync calls The skill constructs shell commands using `execSync` and directly embeds user-provided arguments (`--path`, `--remote`, `--bump`, `--notes`) into these commands via string interpolation. While some arguments are enclosed in double quotes, this does not prevent command injection if the user input itself contains shell metacharacters (e.g., `";`, `$(...)`, `` ` ``). A malicious actor could craft these arguments to execute arbitrary commands on the host system with the privileges of the running Node.js process. This vulnerability affects the `git add`, `git commit`, `node skill-publisher`, and `clawhub publish` commands. Avoid using string concatenation to build shell commands with user-controlled input. Instead, use `child_process.spawn` or `child_process.execFile` and pass arguments as an array, which prevents shell interpretation. If `execSync` must be used, ensure all user-controlled inputs are rigorously escaped for the target shell environment. | LLM | index.js:44 | |
| MEDIUM | Unpinned npm dependency version Dependency 'semver' is not pinned to an exact version ('^7.6.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/skill-release-manager/package.json | |
| INFO | Unpinned dependency versions in package.json The `package.json` uses caret (`^`) ranges for `semver` and `yargs` dependencies. While common, this allows for automatic updates to new minor or patch versions, which could potentially introduce breaking changes or vulnerabilities without explicit review. For critical applications, pinning exact versions or using tilde (`~`) ranges can provide more deterministic builds and reduce unexpected changes. Consider pinning exact versions (e.g., `"semver": "7.6.0"`) for critical dependencies to ensure deterministic builds and prevent unexpected updates. Regularly audit dependencies for known vulnerabilities using tools like `npm audit`. | LLM | package.json:5 |
Scan History
Embed Code
[](https://skillshield.io/report/0dff90e6215e1e29)
Powered by SkillShield