Trust Assessment
social-signals received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via LLM-generated Shell Commands, Unpinned External Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via LLM-generated Shell Commands The skill's `SKILL.md` defines command patterns that involve embedding user-controlled input directly into shell commands (e.g., `python3 {baseDir}/scripts/signals.py sentiment "<token>"`). If the host LLM does not rigorously escape shell metacharacters present in the user's input before constructing and executing these commands, a malicious user could inject arbitrary shell commands. For example, if a user provides input like `foo"; rm -rf /; echo "bar`, and the LLM generates `python3 ... sentiment "foo"; rm -rf /; echo "bar"`, the `rm -rf /` command would be executed. Instruct the host LLM to strictly sanitize and escape all user-provided arguments (e.g., using `shlex.quote` or similar mechanisms) before embedding them into shell command strings. Alternatively, consider refactoring the skill to use direct Python function calls or a more robust command execution wrapper that handles argument separation securely, rather than relying on shell string interpolation. | LLM | SKILL.md:22 | |
| INFO | Unpinned External Dependencies The `scripts/signals.py` file uses `from dotenv import load_dotenv` and calls `load_dotenv()`, indicating a dependency on the `python-dotenv` package. However, no `requirements.txt` or explicit version pinning for this (or any other external) dependency is provided within the skill context. This can lead to supply chain risks, as future versions of `python-dotenv` (or other implied dependencies) could introduce breaking changes, vulnerabilities, or unexpected behavior, impacting the skill's stability and security. Create a `requirements.txt` file that explicitly lists and pins all external Python dependencies used by the skill to specific, known-good versions (e.g., `python-dotenv==0.19.0`). This ensures reproducible builds and mitigates risks associated with unvetted dependency updates. | LLM | scripts/signals.py:13 |
Scan History
Embed Code
[](https://skillshield.io/report/39807e899b59aa75)
Powered by SkillShield