Trust Assessment
stitch-ui-designer received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned `npx` package execution, User-controlled input passed to `mcporter call`, Execution of arbitrary `npx` package with broad permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Unpinned `npx` package execution | The skill instructs the LLM to configure a tool using `mcporter config add stitch --command "npx" --args "-y stitch-mcp-auto"`. This command executes `npx -y stitch-mcp-auto` without specifying a version, so `npx` will fetch the latest version of `stitch-mcp-auto` from npm. If a malicious actor publishes a new version of `stitch-mcp-auto` (either by compromising the original package or through typosquatting), the skill could execute arbitrary malicious code. The `-y` flag exacerbates this by automatically confirming installation, making it a severe supply chain risk. | Pin the `stitch-mcp-auto` package to a specific, known-good version (e.g., `npx -y stitch-mcp-auto@1.2.3`). Regularly audit the pinned version for vulnerabilities and update only after verification. | LLM | SKILL.md:11 |
| HIGH | User-controlled input passed to `mcporter call` | The skill instructs the LLM to call `stitch.generate_screen_from_text` with a user-provided `prompt`. If the underlying `mcporter` tool or the `stitch-mcp-auto` package does not properly sanitize or escape arguments before executing commands, a malicious user could craft a `prompt` that leads to command injection. This could allow arbitrary command execution on the host system. | Ensure that all user-provided inputs passed to external commands (like `prompt` to `stitch.generate_screen_from_text`) are strictly validated, sanitized, and properly escaped for the target execution environment. The `mcporter` and `stitch-mcp-auto` tools should implement robust input sanitization. | LLM | SKILL.md:20 |
| MEDIUM | Execution of arbitrary `npx` package with broad permissions | The skill configures `mcporter` to use `npx` to execute `stitch-mcp-auto`. `npx` allows the execution of arbitrary JavaScript/TypeScript code from npm. This grants the `stitch-mcp-auto` package the full permissions of the user running the LLM agent, including filesystem access, network access, and the ability to interact with other system processes. While `stitch-mcp-auto` is intended for UI generation, the underlying execution environment is highly privileged, increasing the potential impact of any vulnerabilities in the package. | If possible, run `npx` commands in a sandboxed or containerized environment with minimal necessary permissions. Review the `stitch-mcp-auto` package's source code to understand its exact permissions and ensure it adheres to the principle of least privilege. | LLM | SKILL.md:11 |
Full report: https://skillshield.io/report/4af88c1ae93f3c2b