Trust Assessment
tools-marketplace received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include sensitive environment variable access (`$HOME`), an unpinned npm dependency (`mcp-remote`), and potential command injection via `sh -c` with an unescaped environment variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned npm dependency `mcp-remote`.** The `scripts/setup.sh` installs the `mcp-remote` npm package globally without specifying a version. This means that if a malicious version of `mcp-remote` is published to the npm registry, the setup script would automatically install it, potentially compromising the user's system. It is a best practice to pin dependencies to specific versions to ensure reproducibility and prevent supply chain attacks. Pin the `mcp-remote` dependency to a specific, known-good version (e.g., `npm install -g mcp-remote@1.2.3`) to ensure reproducibility and prevent installation of potentially malicious future versions. | LLM | scripts/setup.sh:48 |
| HIGH | **Potential Command Injection via `sh -c` with unescaped environment variable.** The Python script embedded in `scripts/setup.sh` configures OpenClaw to execute `mcp-remote` via `sh -c`. The command string includes `$DANUBE_API_KEY` which is resolved from the environment. If the `DANUBE_API_KEY` environment variable contains malicious shell commands (e.g., `$(rm -rf /)` or `"; malicious_command #"`), it could lead to arbitrary command execution when `sh -c` interprets the string. This is a classic shell injection vector. Avoid using `sh -c` with unescaped environment variables. Instead, call `mcp-remote` directly as the command and pass the API key as a separate argument or via a securely handled environment variable that is not subject to shell expansion. For example, if `mcp-remote` is in the PATH, the configuration could be `"command": "mcp-remote", "args": ["https://mcp.danubeai.com/mcp", "--header", "danube-api-key:" + os.environ.get("DANUBE_API_KEY", "")]`. | LLM | scripts/setup.sh:80 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/preston-thiele/danube/scripts/setup.sh:18 |