Trust Assessment
speech-to-text received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Excessive Bash Permissions for 'infsh' CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Excessive Bash Permissions for 'infsh' CLI The skill declares 'Bash(infsh *)' as an allowed tool. This grants permission to execute any command starting with 'infsh', including potentially sensitive commands like 'infsh config set', 'infsh delete', or other administrative functions not directly related to the skill's stated purpose of speech-to-text transcription. While the examples provided only show benign usage, the broad permission allows for potential abuse if the skill were to be modified or if user input were to be improperly sanitized and passed to arbitrary 'infsh' commands. Restrict the 'Bash' permission to only the specific 'infsh' subcommands and arguments strictly necessary for the skill's functionality. For example, if only 'infsh app run' is needed, declare 'Bash(infsh app run *)' or even more specific patterns if the tool allows argument-level restrictions. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/7e068321d0b950ee)
Powered by SkillShield