Trust Assessment
telebiz-mcp received a trust score of 22/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 0 critical, 4 high, 2 medium, and 2 low severity. Key findings include Unsafe deserialization / dynamic eval, Sensitive environment variable access: $HOME, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/acastellana/telebiz-mcp-skill/dist/health.js:4 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/acastellana/telebiz-mcp-skill/dist/health.js:42 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/acastellana/telebiz-mcp-skill/dist/monitor.js:13 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/acastellana/telebiz-mcp-skill/dist/monitor.js:126 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/acastellana/telebiz-mcp-skill/telebiz-service.sh:5 | |
| MEDIUM | Unpinned npm dependency version Dependency '@modelcontextprotocol/sdk' is not pinned to an exact version ('^1.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/acastellana/telebiz-mcp-skill/package.json | |
| LOW | Unquoted Command in Shell Script Relies on PATH In `telebiz-service.sh`, the `telebiz-mcp` command is executed directly without being enclosed in quotes or specifying its full path (e.g., `nohup telebiz-mcp >> "$LOG_FILE" 2>&1 &`). While `telebiz-mcp` is defined as a `bin` entry in `package.json` and is expected to be in the system's PATH, relying solely on PATH for execution can be a security risk. If the `PATH` environment variable is compromised or a malicious executable named `telebiz-mcp` is placed in a directory that appears earlier in `PATH`, the malicious executable could be run instead of the intended one. Ensure the full, absolute path to the `telebiz-mcp` executable is used, or explicitly define and use a variable for its path. For example, `nohup "$(which telebiz-mcp)" >> "$LOG_FILE" 2>&1 &` or `nohup "$INSTALL_DIR/node_modules/.bin/telebiz-mcp" >> "$LOG_FILE" 2>&1 &`. | LLM | telebiz-service.sh:15 | |
| LOW | Broad Process Termination Command The `telebiz-service.sh` script uses `pkill -f "telebiz-mcp"` to stop processes. The `-f` flag matches against the full command line, not just the process name. This is a broad command that could inadvertently terminate other legitimate processes if their command lines happen to contain the substring 'telebiz-mcp'. While intended for cleanup, it's less precise than killing by PID. Prefer using the PID stored in `$PID_FILE` for precise process termination. If `pkill` is necessary, consider using a more specific pattern or avoiding the `-f` flag if possible, though this might require more complex process management logic. | LLM | telebiz-service.sh:43 | |
| INFO | Unpinned Dependencies in package.json The package.json file uses caret (^) ranges for dependencies, such as `"@modelcontextprotocol/sdk": "^1.0.0"` and `"ws": "^8.18.0"`. While `package-lock.json` pins exact versions for a specific build, using caret ranges in `package.json` allows for automatic updates to new minor or patch versions. This can introduce new vulnerabilities if a dependency maintainer is compromised or if a new version contains a regression, without explicit review. Pin exact versions for all dependencies in `package.json` to ensure deterministic builds and prevent unexpected changes from upstream packages. For example, change `^1.0.0` to `1.0.0`. | LLM | package.json:19 |
Scan History
Embed Code
[](https://skillshield.io/report/34226062c27bb86b)
Powered by SkillShield