Trust Assessment
solax-summary-fetch received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Unpinned transitive dependencies via npm install without lockfile, Skill invocation vulnerable to shell command substitution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill invocation vulnerable to shell command substitution The `SKILL.md` describes the skill invocation command as `node fetch_summary.mjs --tokenId "$SOLAX_TOKENID" --sn "$SOLAX_SN"`. Although the variables are double-quoted, shell command substitution (e.g., `$(command)`) is still performed within double quotes. If an LLM substitutes untrusted user input containing `$(...)` or `` `...` `` into `$SOLAX_TOKENID` or `$SOLAX_SN`, the shell will execute the embedded command before `node` is invoked, leading to arbitrary command execution. The LLM orchestrating the skill execution must sanitize or strictly validate any user-provided input before substituting it into shell commands. A safer approach for the skill itself would be to accept these values via standard input or a temporary file, or to use a more robust argument parsing library that explicitly handles and escapes shell metacharacters if the values are to be re-used in further shell commands. For direct command-line arguments, the primary remediation lies with the caller (the LLM) to ensure proper escaping or validation of inputs. | LLM | SKILL.md:28 | |
| MEDIUM | Unpinned transitive dependencies via npm install without lockfile The `SKILL.md` instructs to use `npm install` without a `package-lock.json` or `npm-shrinkwrap.json` file. While the direct dependency `solax-cloud-api` is pinned to `0.2.0` in `scripts/package.json`, its transitive dependencies are not. This means that future `npm install` operations could pull in different, potentially malicious, or vulnerable versions of transitive dependencies, leading to supply chain attacks. Include a `package-lock.json` file and instruct users to use `npm ci` instead of `npm install`. Alternatively, if `npm install` must be used, ensure all dependencies (including transitive ones) are explicitly pinned or audited. | LLM | SKILL.md:10 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/allmightysauron/solax-cloud-api/scripts/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/81d8eabcc08005d1)
Powered by SkillShield