Trust Assessment
static-files received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned remote script execution with sudo privileges during installation, Potential Command Injection in `sf-helper.sh` via `sf` CLI arguments, API Key exposed in documentation and helper script for debugging.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned remote script execution with sudo privileges during installation The installation instructions in `SKILL.md` recommend executing a remote script directly from GitHub (`https://raw.githubusercontent.com/.../install.sh`) via `curl` and piping it to `sudo bash`. This poses a critical supply chain risk as the content of the script is not pinned to a specific version or hash and can change at any time. A malicious actor gaining control of the GitHub repository could alter the script to execute arbitrary commands with root privileges on the host system, leading to full system compromise. This is also a direct command injection vector. Avoid direct piping to `sudo bash`. Download the script first, inspect it, and then execute it. Pin the script to a specific version or hash (e.g., commit hash or release tag) and verify its integrity with a checksum before execution. Minimize privileges by ensuring the script drops root privileges as soon as possible, or provide alternative, more secure installation methods like package manager installations or pre-built binaries. | LLM | SKILL.md:136 | |
| HIGH | Potential Command Injection in `sf-helper.sh` via `sf` CLI arguments The `sf-helper.sh` script constructs and executes `sf` CLI commands using user-controlled variables (`$site`, `$dir`, `$auth`). For example, `$SF_CLI sites create "$site"`. If the `sf` CLI itself does not properly sanitize these arguments before internal execution (e.g., passing them to a shell or system call without proper escaping), a malicious input containing shell metacharacters (e.g., `"; rm -rf /"`) could lead to arbitrary command execution. This is a common vulnerability pattern in shell scripts wrapping other executables. The `sf` CLI should be hardened to prevent shell injection through its arguments. If `sf` is implemented in a language like Python or Node.js, it should use safe subprocess execution methods (e.g., `subprocess.run` with `shell=False` in Python, or `child_process.spawn` in Node.js) and pass arguments as a list. If `sf` is a shell script, it needs robust input validation and escaping for any internal `eval` or `sh -c` calls. For the `sf-helper.sh` script, consider adding input validation for site names and paths to restrict characters to a safe set (e.g., alphanumeric and hyphens). | LLM | scripts/sf-helper.sh:34 | |
| MEDIUM | API Key exposed in documentation and helper script for debugging The `SKILL.md` documentation explicitly shows `echo $SF_API_KEY` as a troubleshooting step. Additionally, the `sf-helper.sh` script's `check_env` function prints `SF_API_KEY` to stderr if it's not set. An AI agent, if prompted to debug or inspect environment variables, could inadvertently expose this sensitive credential, leading to data exfiltration. Avoid printing sensitive environment variables directly. For debugging, suggest checking if the variable is *set* without printing its value, or use a masked output. For example, `[ -z "$SF_API_KEY" ] && echo "Error: SF_API_KEY is not set"` or `echo "SF_API_KEY is set: ${SF_API_KEY:0:4}..."`. | LLM | SKILL.md:107 |
Scan History
Embed Code
[](https://skillshield.io/report/8b9295a05a9d142d)
Powered by SkillShield