Trust Assessment
tencent-map received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 5 critical, 0 high, 0 medium, and 1 low severity. Key findings include Remote code execution: curl/wget pipe to shell, Node lockfile missing, Shell Command Injection via Unsanitized URL Parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/coreyleung-art/qqmap/scripts/tencent_map.sh:44 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/coreyleung-art/qqmap/scripts/tencent_map.sh:88 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/coreyleung-art/qqmap/scripts/tencent_map.sh:120 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/coreyleung-art/qqmap/scripts/tencent_map.sh:153 |
| CRITICAL | Shell Command Injection via Unsanitized URL Parameters. User-provided arguments (KEYWORD, REGION, ADDRESS, LAT, LNG, RADIUS) are directly interpolated into URL strings within the `tencent_map.sh` script. The shell performs command substitution (e.g., `$(command)`) within double-quoted strings. If an attacker provides input containing shell metacharacters or command substitutions (e.g., `$(rm -rf /)`), these commands will be executed on the host system before the `curl` command is invoked. This allows for arbitrary command execution. User-provided input must be thoroughly sanitized or URL-encoded to prevent shell command substitution before being interpolated into URL strings. A robust solution would involve a dedicated URL encoding function in bash or using a more secure method for constructing HTTP requests that automatically handles parameter encoding and prevents shell expansion. For example, using `python` for the entire request might be safer, or carefully escaping all shell metacharacters from user input. | LLM | scripts/tencent_map.sh:29 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/coreyleung-art/qqmap/package.json |
Full report: https://skillshield.io/report/27d6612e8e11c2f3