Trust Assessment
webapp-testing received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 4 critical, 2 high, 3 medium, and 0 low severity. Key findings include arbitrary command execution and dangerous calls to `subprocess.run()` and `subprocess.Popen()`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/seanphan/webapp-testing/scripts/with_server.py:69 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/seanphan/webapp-testing/scripts/with_server.py:88 |
| CRITICAL | Command Injection via subprocess.Popen with shell=True | The `scripts/with_server.py` script uses `subprocess.Popen` with `shell=True` to execute commands provided via the `--server` argument and `subprocess.run` for the main command. This allows arbitrary shell command injection if the arguments are controlled by an untrusted source. An attacker could craft a malicious `--server` argument (e.g., `--server 'evil_command; rm -rf /'`) or a malicious main command to execute arbitrary code on the host system. | Avoid using `shell=True` with untrusted input. Instead, pass commands as a list of arguments to `subprocess.Popen` and `subprocess.run`. If shell features are strictly necessary, sanitize or validate input rigorously, or use a more secure method like `shlex.split()` for parsing commands. | LLM | scripts/with_server.py:70 |
| CRITICAL | Command Injection via subprocess.run with untrusted arguments | The `scripts/with_server.py` script executes the user-provided `args.command` directly using `subprocess.run`. While `shell=True` is not explicitly set here, if `args.command` contains shell metacharacters and is passed as a single string (which `subprocess.run` does by default if not given a list), it can still lead to command injection. Given the preceding `subprocess.Popen` uses `shell=True`, this pattern is highly suspicious and likely vulnerable. | Ensure `args.command` is passed as a list of arguments to `subprocess.run` and that `shell=False` (the default) is maintained. If the command itself is intended to be a shell command, it must be thoroughly sanitized or validated, or `shlex.split()` should be used to safely parse it into a list of arguments. | LLM | scripts/with_server.py:86 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/seanphan/webapp-testing/scripts/with_server.py:88 |
| HIGH | Dangerous call: subprocess.Popen() | Call to 'subprocess.Popen()' detected in function 'main'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/seanphan/webapp-testing/scripts/with_server.py:69 |
| MEDIUM | Suspicious import: socket | Import of 'socket' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/seanphan/webapp-testing/scripts/with_server.py:18 |
| MEDIUM | Excessive Permissions: Direct write access to user-data directory | The skill examples `console_logging.py` and `static_html_automation.py` directly write output files (console logs, screenshots) to `/mnt/user-data/outputs/`. While generating output is part of the skill's function, direct write access to a user-data directory could be abused. If the skill processes untrusted web content that contains sensitive information (e.g., via console logs or rendered DOM), this information could be exfiltrated to a user-accessible location without explicit user consent for that specific data. | Implement stricter controls over what data is written to user-accessible directories. For sensitive data, consider prompting the user for explicit consent before writing, or ensure that only non-sensitive, expected output is stored in these locations. Provide clear warnings about the potential for sensitive data capture when interacting with untrusted web applications. | LLM | examples/console_logging.py:30 |
| MEDIUM | Excessive Permissions: Direct write access to user-data directory (screenshots) | The skill example `static_html_automation.py` directly writes screenshots to `/mnt/user-data/outputs/`. While generating output is part of the skill's function, direct write access to a user-data directory could be abused. If the skill processes untrusted web content that displays sensitive information, this information could be captured in screenshots and exfiltrated to a user-accessible location without explicit user consent for that specific data. | Implement stricter controls over what data is written to user-accessible directories. For sensitive data, consider prompting the user for explicit consent before writing, or ensure that only non-sensitive, expected output is stored in these locations. Provide clear warnings about the potential for sensitive data capture when interacting with untrusted web applications. | LLM | examples/static_html_automation.py:18 |