Trust Assessment
web-search received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Remote code execution: curl/wget pipe to shell, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dwirx/duckse/SKILL.md:32 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/dwirx/duckse/SKILL.md:32 | |
| HIGH | Potential for OS Command Injection via user query The skill demonstrates executing `duckse` commands where the `<query>` parameter is directly embedded into a shell command. If the AI agent passes unsanitized user input as the `<query>`, an attacker could inject arbitrary shell commands (e.g., `duckse "foo; rm -rf /"`) leading to command injection. The AI agent's execution environment must strictly sanitize or escape user-provided input before passing it to `duckse` or any other shell command. Consider using a safer execution mechanism that doesn't directly invoke a shell, or explicitly whitelist allowed characters/patterns for the query. | LLM | SKILL.md:40 | |
| HIGH | Unpinned installation script from 'main' branch The installation command `curl -sSL https://raw.githubusercontent.com/dwirx/duckse/main/scripts/install.sh | bash` fetches a script directly from the `main` branch of a GitHub repository. The content of this script can change at any time without notice, potentially introducing malicious code or breaking changes into the skill's environment, posing a significant supply chain risk. Pin the installation script to a specific commit hash, tag, or release version (e.g., `https://raw.githubusercontent.com/dwirx/duckse/<commit_hash>/scripts/install.sh`) to ensure deterministic and auditable installations. Alternatively, provide instructions for installing via a package manager with version pinning. | LLM | SKILL.md:30 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dwirx/duckse/SKILL.md:223 |
Scan History
Embed Code
[](https://skillshield.io/report/dc269c71704010f6)
Powered by SkillShield