Trust Assessment
vnsh received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 4 critical, 0 high, 1 medium, and 0 low severity. Key findings include: "Missing required field: name"; "Command Injection via URL fragment (IV parameter)"; "Command Injection via file path in openssl command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Command Injection via URL fragment (IV parameter) | The `read.sh` script extracts the Initialization Vector (IV) from the URL fragment and uses it directly in an `openssl` command without proper sanitization. A malicious actor could craft a URL with shell metacharacters in the IV parameter (e.g., `iv=...; malicious_command`) to execute arbitrary commands on the host system when the URL is processed. Sanitize or validate the `$IV` variable to ensure it contains only valid hexadecimal characters before passing it to `openssl`. A robust approach is to use a regular expression to confirm the IV matches `^[0-9a-fA-F]{32}$`. | LLM | scripts/read.sh:79 |
| CRITICAL | Command Injection via file path in openssl command | The `upload.sh` script uses the user-provided `$INPUT_FILE` path directly in an `openssl` command. If a malicious user provides a file path containing shell metacharacters (e.g., `'; rm -rf /tmp;'`), arbitrary commands could be executed on the host system. Ensure that `$INPUT_FILE` is properly sanitized or validated to prevent shell metacharacters. It is best practice to quote all variables used in shell commands, but for file paths additional validation (e.g., checking for an absolute path with no special characters) is recommended, or a safer method of passing arguments should be used if available. | LLM | scripts/upload.sh:34 |
| CRITICAL | Command Injection via TTL parameter in curl command | The `upload.sh` script constructs a `curl` command using the user-provided `$TTL` variable directly in the URL query string. A malicious actor could inject shell metacharacters into the `$TTL` variable (e.g., `1; malicious_command`) to execute arbitrary commands on the host system. Sanitize or validate the `$TTL` variable to ensure it contains only numeric values before embedding it in the `curl` command's URL. For example, validate with `[[ "$TTL" =~ ^[0-9]+$ ]]`. | LLM | scripts/upload.sh:40 |
| CRITICAL | Command Injection via TTL and file path in `vn` CLI call | The `upload.sh` script attempts to use the `vn` CLI if available, passing the user-controlled `$TTL` and `$FILE_PATH` variables directly as arguments. If `vn` is not designed to handle arbitrary input safely, or if the arguments contain shell metacharacters, this could lead to command injection. Even if `vn` itself is robust, passing unsanitized user input to an external command is a security risk. Before passing `$TTL` and `$FILE_PATH` to the `vn` command, ensure they are thoroughly sanitized and validated to prevent shell metacharacters: for `$TTL`, validate that it is a number; for `$FILE_PATH`, ensure it is a valid, safe file path. It is generally safer to avoid direct execution of user-controlled strings in shell commands. | LLM | scripts/upload.sh:67 |
| MEDIUM | Missing required field: name | The `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/raullenchai/vnsh/SKILL.md:1 |
Full report: https://skillshield.io/report/b2139147d8dd67ed