Trust Assessment
stepfun-openrouter received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Unescaped user input in JSON payload leads to API parameter injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unescaped user input in JSON payload leads to API parameter injection The `scripts/stepfun-cli.sh` script constructs a JSON payload for the OpenRouter API by concatenating strings, including user-provided values for `--model`, `--temperature`, `--max-tokens`, and the main `prompt`. These values are not properly escaped for JSON special characters (e.g., double quotes, backslashes) or validated for type (e.g., ensuring `temperature` is a number). An attacker can inject arbitrary JSON key-value pairs into the request payload by crafting malicious input for these parameters. This could allow them to override or inject API parameters (e.g., `stop` sequences, `function_call` definitions, or even `messages` array elements), manipulate the LLM's behavior, bypass safety filters, or cause denial of service by sending malformed requests. 1. **Escape all string inputs:** Before embedding `$model` and `$content` into the JSON payload, escape all double quotes and other JSON special characters (e.g., backslashes, newlines). A helper function for JSON escaping in bash is recommended. 2. **Validate numerical inputs:** Ensure `$temperature` and `$max_tokens` are strictly numerical values before embedding them. 3. **Use a JSON library/tool:** For robust and secure JSON construction in shell scripts, consider using `jq` to build the payload, which handles escaping and type conversion automatically. For example: ```bash local payload_args=( --arg model "$model" --arg content "$content" --arg temperature "$temperature" ) local payload_template='{"model": $model, "messages": [{"role": "user", "content": $content}], "temperature": ($temperature | tonumber)}' if [[ -n "$max_tokens" ]]; then payload_args+=(--arg max_tokens "$max_tokens") payload_template+=' + {max_tokens: ($max_tokens | tonumber)}' fi local payload=$(jq -n "${payload_args[@]}" "$payload_template") # Then use -d "$payload" in the curl command ``` | LLM | scripts/stepfun-cli.sh:46 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/mig6671/stepfun-openrouter/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/e2815c0ef201f787)
Powered by SkillShield