Trust Assessment
x-actionbook-recap received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary JavaScript execution via `actionbook browser eval`, Potential for arbitrary URL navigation via `actionbook browser open`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary JavaScript execution via `actionbook browser eval` The skill explicitly instructs the use of `actionbook browser eval` which allows executing arbitrary JavaScript code within the automated browser context. While the example `window.scrollBy(0, 2200)` is benign, if the argument to `eval` were constructed from untrusted user input, it could lead to client-side command injection (e.g., XSS-like attacks within the browser, data exfiltration from the browser context, or manipulation of the browsing session). Ensure that any arguments passed to `actionbook browser eval` are strictly controlled, validated, and sanitized, and never directly incorporate untrusted user input. Consider if a more limited browser interaction method is available instead of arbitrary `eval`. | LLM | SKILL.md:38 | |
| MEDIUM | Potential for arbitrary URL navigation via `actionbook browser open` The skill uses `actionbook browser open "https://x.com/<handle>"`. If the `<handle>` part of the URL is derived from untrusted user input without proper validation or sanitization, an attacker could potentially inject a malicious URL (e.g., `https://malicious.com` or `file:///etc/passwd` if the tool supports `file://` protocol) causing the automated browser to navigate to an unintended location. This could lead to phishing, data exposure, or other browser-based attacks. Implement strict validation and sanitization for the `<handle>` input to ensure it only forms a valid X.com profile URL. Only allow alphanumeric characters and underscores, and prepend `https://x.com/` explicitly. | LLM | SKILL.md:32 |
Scan History
Embed Code
[](https://skillshield.io/report/a14445a4c749fb4c)
Powered by SkillShield