Trust Assessment
skirmish received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary JavaScript execution via skirmish CLI, Unsandboxed execution of user-provided JavaScript strategies, Global npm installation of CLI tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary JavaScript execution via skirmish CLI | The skill describes a CLI tool that executes user-provided JavaScript files as 'strategies' via commands like `skirmish run` and `skirmish validate`. Given the `claude_code` ecosystem, an LLM could be prompted to generate malicious JavaScript code for these strategy files. If a user then executes these LLM-generated scripts using the `skirmish` CLI, it could lead to arbitrary command injection on the user's system, allowing for data exfiltration, system compromise, or other malicious activities. The skill provides a direct mechanism for executing untrusted code. | Implement strict sandboxing for executed JavaScript strategies. Ensure the execution environment for `my-bot.js` is isolated and has minimal permissions. If the LLM is generating these scripts, implement robust input validation and sanitization on the generated code before execution, or warn users explicitly about the risks of running LLM-generated code. | LLM | SKILL.md:38 |
| HIGH | Unsandboxed execution of user-provided JavaScript strategies | The `skirmish` CLI executes user-provided JavaScript files (strategies) without any explicit mention of sandboxing or restricted execution environments. This means that any malicious code within a strategy script, whether user-written or LLM-generated, could potentially access the filesystem, network, or other system resources with the full permissions of the user running the `skirmish` command. This significantly amplifies the risk of data exfiltration, system compromise, or credential harvesting if a command injection (as described in SS-LLM-003) occurs. | Implement a robust sandboxing mechanism for executing JavaScript strategies. This could involve running scripts in a secure VM, a container, or using a JavaScript runtime with strict security policies (e.g., Deno with limited permissions, Node.js `vm` module with context isolation and restricted globals). Clearly document the security boundaries and capabilities of the execution environment. | LLM | SKILL.md:38 |
| MEDIUM | Global npm installation of CLI tool | The skill instructs users to install the `@llmskirmish/skirmish` CLI globally using `npm install -g`. Global installations can pose a supply chain risk as a compromised package could affect all projects on the system, and it makes it harder to manage versioning and isolation between different projects or skills. While not a direct vulnerability in the skill itself, it's a practice that increases the attack surface if the package or npm registry were to be compromised, especially given the tool's ability to execute arbitrary code. | Recommend or provide instructions for local installation (e.g., `npm install @llmskirmish/skirmish` in a project directory, then using `npx skirmish` or adding to `package.json` scripts) or containerized execution where possible, to limit the blast radius of a potential supply chain attack. If global installation is necessary, emphasize verifying package integrity and using a package manager with integrity checks. | LLM | SKILL.md:20 |