Trust Assessment
testresearchskill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Command Injection via User Input in Skill Definition", and "Unpinned Dependency Installation (clawhub)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Command Injection via User Input in Skill Definition | The skill's workflow directly interpolates user-provided input (`{question}`) into a shell command executed via `exec`. This allows a malicious user to inject arbitrary shell commands by crafting a question that breaks out of the intended argument, e.g., `"; rm -rf /; echo "`. User input must be properly sanitized or escaped before being passed to shell commands. Ideally, arguments should be passed directly to the executable without involving a shell (e.g., using `subprocess.run` with `shell=False` in Python, or ensuring the `exec` primitive safely handles arguments). | LLM | SKILL.md:14 |
| HIGH | Unpinned Dependency Installation (clawhub) | The `setup.sh` script installs the `clawhub` CLI globally using `npm` without specifying a version. This introduces a supply chain risk, as a malicious update to the `clawhub` package could be automatically installed and executed, compromising the system. Pin the version of `clawhub` to a known good release (e.g., `npm i -g clawhub@1.2.3`) to ensure reproducibility and prevent unexpected malicious updates. Regularly review and update pinned versions. | LLM | scripts/setup.sh:5 |
| HIGH | Unpinned Skill Dependency Installation (secure-sync) | The `setup.sh` script installs the `secure-sync` skill using `clawhub` without specifying a version. This introduces a supply chain risk, as a malicious update to the `secure-sync` skill could be automatically installed, potentially leading to arbitrary code execution. Pin the version of `secure-sync` to a known good release (e.g., `clawhub install secure-sync@4.5.6`) to ensure reproducibility and prevent unexpected malicious updates. Regularly review and update pinned versions. | LLM | scripts/setup.sh:10 |
| HIGH | Command Injection via Execution of Unpinned External Script | The `setup.sh` script downloads and then executes `script.sh` or `sync.sh` from the `secure-sync` skill. Since `secure-sync` is installed without version pinning, a compromised or malicious version of `secure-sync` could provide a malicious `script.sh` or `sync.sh` file, leading to arbitrary command execution on the host system when `nohup` is used to run it. In addition to pinning the version of `secure-sync`, carefully review the contents of any external scripts before execution. Consider sandboxing the execution environment or limiting the permissions of the user running these setup scripts. | LLM | scripts/setup.sh:16 |
| MEDIUM | Missing required field: name | The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/cyberengage/testresearchskill/SKILL.md:1 |