Trust Assessment
web-deploy received a trust score of 61/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include "Missing required field: name", "Potential Path Traversal in 'cp' command", and "Potential Shell Metacharacter Injection in Environment Variable Commands".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Path Traversal in 'cp' command.** The command `cp -r ./dist/* ~/clawd/canvas/my-project/` copies files to a specified directory. If the `my-project` component of the destination path is derived from untrusted user input without proper sanitization, a malicious user could inject path traversal sequences (e.g., `../../../../etc/`) to write files to arbitrary locations outside the intended `~/clawd/canvas/` directory. Ensure that any user-provided input for the `my-project` directory name is strictly validated and sanitized to prevent path traversal. Consider using a fixed, non-user-controlled subdirectory or a robust path sanitization library. | LLM | SKILL.md:60 |
| HIGH | **Potential Shell Metacharacter Injection in Environment Variable Commands.** The commands `npx vercel env add SECRET_KEY` (line 30) and `railway variables set SECRET_KEY=value` (line 48) are used to set environment variables. If `SECRET_KEY` or `value` are populated directly from untrusted user input without proper escaping or sanitization, a malicious user could inject shell metacharacters (e.g., `;`, `&`, `\|`, `$(...)`) to execute arbitrary commands on the host system. All user-provided input used in shell commands, especially for variable names or values, must be thoroughly sanitized and escaped to prevent shell metacharacter injection. Use command-line argument arrays or libraries that handle escaping automatically. | LLM | SKILL.md:30 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/cmanfre7/web-deploy/SKILL.md:1 |
| MEDIUM | **Unpinned 'gh-pages' npm dependency.** The command `npm install -D gh-pages` installs the `gh-pages` package without specifying a version. This means the latest available version will be installed, which introduces a supply chain risk. If a malicious update to `gh-pages` is published, it could be automatically pulled into the project, leading to compromise. Pin the `gh-pages` dependency to a specific, known-good version (e.g., `npm install -D gh-pages@x.y.z`) to ensure deterministic builds and mitigate risks from malicious updates. | LLM | SKILL.md:54 |
| LOW | **Unpinned 'npx' tool execution.** Commands like `npx http-server`, `npx vercel`, and `npx serve` execute tools directly from the npm registry without specifying a version. While convenient for development, this means the latest version is always fetched, which could introduce breaking changes or, in a worst-case scenario, malicious code if a package is compromised. This risk is generally lower for widely used and trusted packages but still present. For production or critical workflows, consider installing these tools globally or locally with pinned versions, or explicitly specifying versions in `npx` commands (e.g., `npx vercel@x.y.z`). | LLM | SKILL.md:10 |