Trust Assessment
tokenmeter received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 2 critical, 3 high, 7 medium, and 0 low severity. Key findings include File read + network send exfiltration, Unsafe deserialization / dynamic eval, Dangerous call: __import__().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings12
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/cheenu1092-oss/tokenmeter/tokenmeter/cli.py:377 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/cheenu1092-oss/tokenmeter/tokenmeter/cli.py:534 | |
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/cheenu1092-oss/tokenmeter/tokenmeter/checkpoint.py:141 | |
| HIGH | Dangerous call: __import__() Call to '__import__()' detected in function 'update_file_checkpoint'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/cheenu1092-oss/tokenmeter/tokenmeter/checkpoint.py:141 | |
| HIGH | Repository URL mismatch in skill instructions and package metadata The `SKILL.md` instructs the bot to clone the `tokenmeter` repository from `https://github.com/jugaad-lab/tokenmeter.git`. However, the `pyproject.toml` file, which defines the package's metadata, declares its `Homepage` and `Repository` URLs as `https://github.com/yajatns/tokenmeter`. This discrepancy creates a significant supply chain risk. The bot might be installing a package whose declared origin (and potentially its contents or future updates) differs from the source it was instructed to clone. This could lead to unexpected code, vulnerabilities, or even malicious software being introduced if `jugaad-lab` is not the intended or trusted source for `yajatns/tokenmeter`. Ensure consistency between the `git clone` URL specified in `SKILL.md` and the `Homepage`/`Repository` URLs declared in the `pyproject.toml` of the actual `tokenmeter` package. If `jugaad-lab` is a trusted fork, this should be explicitly documented, and the `pyproject.toml` within that fork should reflect its origin. Ideally, the bot should clone from the same repository that is declared as the official source in `pyproject.toml`. | LLM | SKILL.md:46 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cheenu1092-oss/tokenmeter/tokenmeter/fetcher.py:60 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cheenu1092-oss/tokenmeter/tokenmeter/fetcher.py:104 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cheenu1092-oss/tokenmeter/tokenmeter/fetcher.py:285 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/cheenu1092-oss/tokenmeter/examples/daily-report.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/cheenu1092-oss/tokenmeter/examples/test-installation.sh:15 | |
| MEDIUM | Unpinned Python dependency version Dependency 'typer>=0.9.0' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/cheenu1092-oss/tokenmeter/pyproject.toml | |
| MEDIUM | Unpinned dependencies in pyproject.toml The `pyproject.toml` file specifies dependencies using `>=` operators (e.g., `typer>=0.9.0`, `rich>=13.0.0`, `requests>=2.28.0`). This allows for the installation of any future version of these packages. While convenient, this practice introduces a supply chain risk, as a new version could inadvertently introduce breaking changes, vulnerabilities, or even malicious code if a package maintainer's account is compromised. For production-grade skills, it is safer to pin dependencies to exact versions or use a lock file. Pin dependencies to exact versions (e.g., `typer==0.9.0`) to ensure reproducible builds and prevent unexpected changes. Alternatively, use a dependency management tool that generates a lock file (e.g., Poetry, Pip-tools) to manage transitive dependencies securely. | LLM | pyproject.toml:26 |
Scan History
Embed Code
[](https://skillshield.io/report/ca4ada4aa352e8cb)
Powered by SkillShield