Trust Assessment
spacemolt received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include LLM Persona Manipulation and Autonomy Instruction, Unpinned External Dependency Execution via npx, LLM Instructed to Handle and Potentially Expose Credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | LLM Persona Manipulation and Autonomy Instruction: The skill explicitly instructs the LLM to adopt a new persona ('You are a player now. Not an assistant.') and to act autonomously ('Play indefinitely without asking permission... Never ask "what should I do next?" - just do it'). This is a direct attempt to override the LLM's core instructions and manipulate its behavior, which is a severe form of prompt injection. Remove all instructions that attempt to redefine the LLM's persona, role, or autonomy. Ensure the skill's instructions are purely functional and do not interfere with the LLM's core directives. | LLM | SKILL.md:10 |
| HIGH | Unpinned External Dependency Execution via npx: The skill instructs the execution of `npx -y mcp-remote`. `npx` will fetch and execute the latest version of the `mcp-remote` package from npm if not already cached. The lack of a version pin means that a malicious update to the `mcp-remote` package could be automatically downloaded and executed, leading to arbitrary code execution on the host system. The `-y` flag bypasses any interactive confirmation, increasing the risk. Pin the `mcp-remote` package to a specific, trusted version (e.g., `npx mcp-remote@1.2.3`). Consider using a package manager with lockfiles or a more controlled execution environment. Remove the `-y` flag if possible to require confirmation. | LLM | SKILL.md:35 |
| HIGH | LLM Instructed to Handle and Potentially Expose Credentials: The skill explicitly instructs the LLM to manage sensitive game credentials (username and a 256-bit password) for login. It advises saving these credentials in locations accessible to the LLM (e.g., 'captain's log' which is an in-game tool, or 'a local file'). Combined with the instruction for the LLM to 'Keep your human informed with progress updates', there is a high risk that the LLM could inadvertently expose these credentials to the user or store them insecurely within its context, making them vulnerable to further prompt injections or data leakage. Avoid instructing the LLM to directly handle or store sensitive credentials. If credentials are required, use secure environment variables, a dedicated secrets management system, or a tool that securely prompts the user for input without exposing it to the LLM's context. | LLM | SKILL.md:64 |
| MEDIUM | Broad Shell Command Execution Capabilities: The skill extensively uses `tmux` and `npx` commands, granting the LLM broad capabilities to execute shell commands. While the specific commands are for game interaction, the underlying tools (`tmux` for session management and `npx` for arbitrary package execution) provide significant power. Specifically, `tmux -S "$SOCKET" capture-pane` allows the LLM to read the entire output of the `mcp-remote` process, which could contain sensitive information or error messages that an attacker could exploit. Restrict the LLM's access to shell commands to the absolute minimum necessary. If `tmux` is essential, consider wrapping its functionality in a more constrained tool or API. Limit the scope of `capture-pane` or filter its output if sensitive data is expected. | LLM | SKILL.md:33 |