Trust Assessment
snapshot-test received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via `npx` arguments and Supply Chain Risk - Unpinned `npx` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via `npx` arguments: The skill describes a tool (`ai-snapshot-test`) that is invoked via `npx` with user-provided file or directory paths as arguments. If an LLM integrates this skill and constructs the `npx` command using unsanitized user input for these paths, it could lead to command injection. A malicious user could craft input like `$(malicious_command)` which, if not properly escaped or validated by the LLM, would be executed by the underlying shell. The LLM orchestrating this skill should strictly sanitize and validate all user-provided arguments before constructing and executing shell commands. File paths should be validated to ensure they are valid paths and do not contain shell metacharacters or commands. Consider using a dedicated library for command execution that handles argument escaping. | LLM | SKILL.md:10 |
| MEDIUM | Supply Chain Risk - Unpinned `npx` dependency: The skill instructs users to run `npx ai-snapshot-test`. `npx` by default fetches and executes the latest version of a package from the npm registry. This means that if the `ai-snapshot-test` package on npm were to be compromised (e.g., through a malicious update or account takeover), any LLM or user executing this command would automatically download and run the compromised version. This introduces a supply chain risk as the integrity of the executed code is not guaranteed by a pinned version. Recommend specifying a version for the `npx` command (e.g., `npx ai-snapshot-test@1.0.0`) or using a package manager like `npm` or `yarn` with a `package-lock.json` to ensure deterministic dependency resolution. The skill documentation should be updated to reflect this. | LLM | SKILL.md:10 |