Trust Assessment
sui-move received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Command Injection via 'rg' (ripgrep) in search workflow, Command Injection via 'cat' in file reading workflow.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via 'rg' (ripgrep) in search workflow: The skill's 'Workflow' section explicitly instructs the agent to execute `rg` commands for searching reference materials. The `keyword` and `topic` arguments for these commands are likely to be derived from untrusted user input. Without proper sanitization of these arguments, an attacker could inject arbitrary shell commands (e.g., `keyword="; rm -rf /"`) leading to arbitrary code execution on the host system. Recommendation: implement robust input sanitization for `keyword` and `topic` arguments before constructing and executing the `rg` command. Ensure that shell metacharacters are properly escaped, or use a safe command execution mechanism that prevents shell interpretation of user-provided strings. | LLM | SKILL.md:122 |
| HIGH | Command Injection via 'cat' in file reading workflow: The skill's 'Workflow' section explicitly instructs the agent to execute `cat` commands to read specific reference files. The `<path>/<file>.md` argument for this command is likely to be derived from untrusted user input. Without proper sanitization and path validation, an attacker could manipulate the path (e.g., `../../../../etc/passwd`) to perform directory traversal and read arbitrary files outside the intended reference directories, leading to sensitive data disclosure. Recommendation: implement robust input sanitization and strict path validation for the `<path>/<file>.md` argument. Ensure that the path is strictly confined to the intended reference directories and does not contain directory traversal sequences (`..` or similar constructs). | LLM | SKILL.md:125 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Recommendation: commit a lockfile for deterministic dependency resolution. | Dependencies | skills/easonc13/sui-move/package.json |