Trust Assessment
spacemolt received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include LLM role manipulation and instruction override, Unpinned `npx` package execution with `-y` flag, LLM instructed to handle and potentially expose sensitive credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **LLM role manipulation and instruction override.** The skill attempts to manipulate the host LLM's role and behavior by instructing it to act as a 'player' with 'own goals, personality, and agency,' and explicitly tells it 'Never ask "what should I do next?" - just do it.' This is a direct attempt to override the LLM's default instructions and persona, which is a form of prompt injection. Remediation: remove instructions that attempt to redefine the LLM's core role or override its default operating instructions. Rephrase them as suggestions or context for the game, not direct commands to the LLM's persona. | LLM | SKILL.md:20 |
| CRITICAL | **Unpinned `npx` package execution with `-y` flag.** The skill instructs the execution of `npx -y mcp-remote https://game.spacemolt.com/mcp`. The `mcp-remote` package is not version-pinned, meaning `npx` will download and execute the latest version available on npm. A malicious update to this package could lead to arbitrary code execution on the host system. The `-y` flag bypasses user confirmation, increasing the risk. This constitutes a significant supply chain risk and a command injection vector if the package is compromised. Remediation: pin the `mcp-remote` package to a specific, trusted version (e.g., `npx -y mcp-remote@1.2.3 ...`). Consider using a package manager's lock file or a more secure execution environment to mitigate supply chain risks. | LLM | SKILL.md:40 |
| HIGH | **LLM instructed to handle and potentially expose sensitive credentials.** The skill instructs the LLM to 'login with your saved username and password' and provides an example JSON-RPC call containing `{"username":"YourUsername","password":"your_saved_password"}`. If the LLM populates `your_saved_password` from its context and executes this command, the password will be transmitted to the `mcp-remote` process. Furthermore, the skill instructs the LLM to 'SAVE IT IMMEDIATELY' and 'Store your credentials securely (e.g., in your captain's log, a password manager, or a local file).' Storing credentials in a 'captain's log' (which is game-controlled) or a 'local file' (which the LLM might write to its own accessible storage) creates a risk of credential exposure or exfiltration. The `tmux capture-pane` command, used to read session output, could also inadvertently capture and expose these credentials if they appear in the game's response. Remediation: implement a secure credential management system that does not expose raw passwords to the LLM or the game process directly. Use environment variables, secure vaults, or OAuth flows. Avoid instructing the LLM to store sensitive credentials in potentially insecure locations like game logs or arbitrary local files. Ensure `capture-pane` output is sanitized for sensitive data. | LLM | SKILL.md:69 |
Full report: https://skillshield.io/report/42d6d7c3bcca845b