Trust Assessment
tabstack-extractor received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 3 medium, and 0 low severity. Key findings include Suspicious import: requests, Command Injection in tabstack_curl.sh via URL parameter, Command Injection in tabstack_curl.sh via Schema file content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection in tabstack_curl.sh via URL parameter The `extract_markdown` and `extract_json` functions in `scripts/tabstack_curl.sh` construct `curl` commands by directly embedding the `$url` variable into a JSON string without proper shell escaping. A malicious URL containing shell metacharacters (e.g., `"; $(evil_command); echo "`) could break out of the JSON string and execute arbitrary shell commands on the system where the script is run. Use `jq` to properly escape the URL before embedding it into the `curl -d` argument. For example, `url_escaped=$(jq -n --arg url "$url" '$url')` then `-d "{\"url\": $url_escaped}"`. | LLM | scripts/tabstack_curl.sh:40 | |
| HIGH | Command Injection in tabstack_curl.sh via Schema file content The `extract_json` function in `scripts/tabstack_curl.sh` reads the content of a user-specified schema file (`$schema_file`) using `cat` and then directly embeds this content (`$schema`) into the `curl` command's JSON payload. If the schema file contains malicious JSON that includes shell metacharacters (e.g., `{"key": "value\"}, "evil": "$(evil_command)"}`), it could lead to command injection when the `curl` command is executed. Use `jq` to properly escape the schema content before embedding it into the `curl -d` argument. For example, `schema_escaped=$(jq -c . "$schema_file")` then `-d "{\"url\": \"$url\", \"json_schema\": $schema_escaped}"`. | LLM | scripts/tabstack_curl.sh:57 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/noblepayne/tabstack-extractor/scripts/tabstack_api.py:18 | |
| MEDIUM | Arbitrary File Read in tabstack_curl.sh The `extract_json` function in `scripts/tabstack_curl.sh` uses `cat "$schema_file"` to read the content of a JSON schema. If a malicious actor can control the `$schema_file` argument, they can specify any file path on the system, leading to the exfiltration of its content (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) through the `curl` request body to the Tabstack API. Implement strict validation for `schema_file` to ensure it points to an expected and safe location (e.g., within a designated `references/` directory) and does not contain path traversal sequences (`../`). Avoid reading arbitrary files based on user input. | LLM | scripts/tabstack_curl.sh:51 | |
| MEDIUM | Arbitrary File Read in tabstack_api.py The `if __name__ == "__main__":` block in `scripts/tabstack_api.py` allows reading an arbitrary file specified by `sys.argv[3]` when the `json` command is used. The content of this file is then loaded as JSON and sent to the Tabstack API. If a malicious actor can control this argument, they can specify any file path on the system, leading to the exfiltration of its content (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) to the Tabstack API. Implement strict validation for `schema_file` to ensure it points to an expected and safe location (e.g., within a designated `references/` directory) and does not contain path traversal sequences (`../`). Avoid reading arbitrary files based on user input. | LLM | scripts/tabstack_api.py:118 |
Scan History
Embed Code
[](https://skillshield.io/report/66e8faf9bf7302b8)
Powered by SkillShield