Trust Assessment
xmtp-cli received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are that the skill description indicates direct shell command execution with user-controlled arguments, and that the skill instructs installation of unpinned global dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill description indicates direct shell command execution with user-controlled arguments. The skill's primary function is to 'Run and script the XMTP CLI'. The documentation explicitly shows examples like `npx @xmtp/cli <command> <arguments>`. If the skill's implementation allows user input to directly populate `<command>` or `<arguments>` without proper sanitization, it creates a severe command injection vulnerability, allowing arbitrary shell commands to be executed on the host system. Implement robust input validation and sanitization for all user-provided arguments passed to shell commands. Prefer using a safe command execution library that separates command from arguments (e.g., `subprocess.run(['npx', '@xmtp/cli', command, arg1, arg2])` in Python) rather than shell interpolation. Consider sandboxing the execution environment for CLI tools. | LLM | SKILL.md:48 |
| MEDIUM | Skill instructs installation of unpinned global dependencies. The `SKILL.md` provides instructions to install the `@xmtp/cli` package globally using `npm install -g @xmtp/cli`, `pnpm add -g @xmtp/cli`, or `yarn global add @xmtp/cli`. These commands install the latest available version of the package, which is unpinned. This introduces a supply chain risk where a malicious update to the `@xmtp/cli` package could automatically be installed, compromising the system. The `npx` command also fetches the latest version by default. Always pin dependency versions (e.g., `npm install -g @xmtp/cli@1.2.3`) to ensure reproducible and secure installations. Regularly audit and update dependencies after verifying their integrity. For `npx`, consider using `npx @xmtp/cli@version <command>` to specify a version. | LLM | SKILL.md:38 |