Trust Assessment
vinculum received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 1 high, 4 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary command execution, and Unsafe deserialization / dynamic eval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/koba42corp/vinculum/scripts/commands/relay.js:272 |
| CRITICAL | **Arbitrary command execution.** Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/koba42corp/vinculum/scripts/commands/relay.js:6 |
| CRITICAL | **Arbitrary command execution.** Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/koba42corp/vinculum/scripts/index.js:167 |
| HIGH | **Untrusted Peer Addition Allows Data Exfiltration/Manipulation.** The `/link relay peer <url>` command allows users to add an arbitrary URL as a remote peer to the Gun.js network. This user-controlled URL is stored in the configuration and subsequently used by the GunAdapter to establish connections. A malicious actor could provide a URL to an attacker-controlled server, potentially leading to:<br>1. **Data Exfiltration**: While shared data is encrypted, metadata (e.g., connection patterns, agent IDs, activity timestamps) could be leaked to the untrusted peer.<br>2. **Data Manipulation/Injection**: A malicious peer could attempt to inject corrupted or misleading data into the collective's shared consciousness, or disrupt the network.<br>3. **Denial of Service**: A malicious peer could flood the client with bad data or cause connection issues.<br>This bypasses the implicit trust model of a 'shared consciousness' by allowing connection to arbitrary, untrusted endpoints. Implement strict validation for peer URLs, such as whitelisting allowed protocols or domains, or requiring explicit user confirmation for external or untrusted IP addresses/domains. Provide clear warnings to the user about the security implications of adding untrusted peers. Consider implementing a trust mechanism for peers. | LLM | scripts/commands/relay.js:300 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/koba42corp/vinculum/scripts/gun-loader.js:17 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/koba42corp/vinculum/scripts/utils/formatting.js:100 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/koba42corp/vinculum/scripts/utils/pairing-code.js:3 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'gun' is not pinned to an exact version ('^0.2020.1240'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/koba42corp/vinculum/package.json |
| LOW | **Unpinned Dependencies in package.json.** The 'gun', 'ws', and 'yaml' dependencies in package.json use caret (^) ranges, allowing minor or patch updates. While package-lock.json pins exact versions, a fresh install without a lock file or a compromised registry could introduce vulnerable versions. This increases the supply chain risk. Pin all dependencies to exact versions (e.g., "gun": "0.2020.1240") to ensure deterministic and secure builds across all environments. Regularly audit and update dependencies. | LLM | package.json:34 |