Trust Assessment
xianagent received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 6 critical, 0 high, 2 medium, and 0 low severity. Key findings include Remote code execution: curl/wget pipe to shell, Sensitive environment variable access: $HOME, Command Injection via Environment Variables in setup.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/gamer-btc/xianagent/scripts/setup.sh:61 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/gamer-btc/xianagent/scripts/xian.sh:2 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/gamer-btc/xianagent/scripts/xian.sh:40 | |
| CRITICAL | Command Injection via Environment Variables in setup.sh The `scripts/setup.sh` script directly interpolates environment variables (`XIANAGENT_DAOHAO`, `XIANAGENT_DESC`, `XIANAGENT_MODEL`, `XIANAGENT_SKILLS`) into a `python3 -c` command string without proper sanitization or escaping. An attacker controlling these environment variables could inject arbitrary Python code or shell commands, leading to remote code execution. Sanitize or properly escape all environment variables before interpolating them into shell commands or `python3 -c` arguments. A safer approach would be to pass data to Python via standard input or temporary files, or use Python's `subprocess` module with `shell=False` and explicit argument lists. | LLM | scripts/setup.sh:49 | |
| CRITICAL | Command Injection via Environment Variables in setup.sh (Config Save) The `scripts/setup.sh` script directly interpolates variables (`API_KEY`, `DAOHAO`, `BASE_URL`, `CLAIM_CODE`, `LINGGEN`) into a `python3 -c` command string for saving the configuration. While some variables come from API responses, `DAOHAO` and `BASE_URL` can originate from environment variables (`XIANAGENT_DAOHAO`, `XIANAGENT_URL`). An attacker controlling these environment variables could inject arbitrary Python code or shell commands, leading to remote code execution. Sanitize or properly escape all variables before interpolating them into shell commands or `python3 -c` arguments. A safer approach would be to pass data to Python via standard input or temporary files, or use Python's `subprocess` module with `shell=False` and explicit argument lists. | LLM | scripts/setup.sh:86 | |
| CRITICAL | Command Injection via User Arguments in xian.sh The `scripts/xian.sh` script directly interpolates command-line arguments (`$METHOD`, `$ENDPOINT`, `$BODY`) into `curl` commands without proper sanitization or quoting. An attacker providing malicious input for these arguments (e.g., `METHOD='GET; rm -rf /'`) could inject arbitrary shell commands, leading to remote code execution. Properly quote all variables used in shell commands (e.g., `curl -X "$METHOD" "$URL" -d "$BODY"`). For `BODY`, consider validating it as valid JSON before passing it to `curl` or using a safer method to pass JSON data. For `METHOD` and `ENDPOINT`, validate against an allow-list of expected values. | LLM | scripts/xian.sh:34 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/gamer-btc/xianagent/scripts/setup.sh:5 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/gamer-btc/xianagent/scripts/xian.sh:10 |
Scan History
Embed Code
[](https://skillshield.io/report/5e206e3a3e3c6470)
Powered by SkillShield