Trust Assessment
vibesurf received a trust score of 39/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Direct Shell Command Example Poses Command Injection Risk", and "Broad File System Access via API".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/vvincent1234/vibesurf/SKILL.md:15 |
| HIGH | **Direct Shell Command Example Poses Command Injection Risk.** The skill provides a direct shell command example (`curl $VIBESURF_ENDPOINT/health`) for checking the VibeSurf status. While the subsequent instruction "NEVER run it yourself" refers to running the `vibesurf` server, it does not explicitly prohibit the LLM from executing the `curl` command itself. This presents a significant command injection risk, as a malicious prompt could instruct the LLM to execute this or other arbitrary shell commands, potentially leading to unauthorized code execution on the host system. Rephrase the instruction to explicitly state that the LLM should *not* execute any shell commands. Instead, it should instruct the user to run the command and report the output, or use a safe, internal API call to check the status if available. For example: "To check VibeSurf status, instruct the user to run `curl $VIBESURF_ENDPOINT/health` and report the result. Do not execute this command yourself." | LLM | SKILL.md:13 |
| HIGH | **Broad File System Access via API.** The skill exposes capabilities for file upload and download through the `/api/files/*` endpoints. This grants the underlying VibeSurf service (and by extension, the LLM controlling it) broad access to perform file system operations. A malicious prompt could exploit this to exfiltrate sensitive local files from the LLM's execution environment or to download and potentially execute malicious content onto the system. Implement strict sandboxing and access controls for file operations. Ensure that the VibeSurf service only has access to explicitly allowed directories and that all file operations require explicit user confirmation or are restricted to temporary, isolated storage. The LLM should be explicitly instructed to seek user confirmation for any file upload/download requests. | LLM | SKILL.md:60 |
| MEDIUM | **Reliance on Unverified External Endpoint.** The skill's functionality is entirely dependent on the `VIBESURF_ENDPOINT` environment variable, which points to an external VibeSurf service. If this environment variable is configured to a malicious or compromised server, all interactions, including sensitive data processing, browser automation, and credential configuration (e.g., API keys for LLMs, Composio, VibeSurf itself), could be intercepted, manipulated, or exfiltrated by the attacker controlling the rogue endpoint. Implement robust validation and verification mechanisms for the `VIBESURF_ENDPOINT`. This could include requiring the endpoint to be from a trusted domain, using TLS with certificate pinning, or providing clear warnings to the user if the endpoint is non-standard. The LLM should be instructed to verify the endpoint's legitimacy before performing sensitive operations. | LLM | SKILL.md:5 |