Trust Assessment
xmtp-cli-groups received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via CLI Argument Interpolation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via CLI Argument Interpolation The skill documentation demonstrates the use of `xmtp` CLI commands that accept user-provided arguments (e.g., `--target`, `--name`, `--member-addresses`). If the host LLM constructs these shell commands by directly interpolating untrusted user input into these arguments without proper sanitization (e.g., quoting, escaping), a malicious user could inject arbitrary shell commands. For example, providing input like `0x123...; rm -rf /` for an address could lead to arbitrary command execution on the host system. Implement robust input sanitization and shell escaping for all user-provided arguments before constructing and executing shell commands. Use libraries or functions specifically designed for safe command execution (e.g., `subprocess.run` with `shell=False` and passing arguments as a list, or proper quoting for `shell=True`). Ensure that all user-controlled strings passed to CLI tools are properly quoted or escaped to prevent command injection. | LLM | SKILL.md:21 |
Scan History
Embed Code
[](https://skillshield.io/report/fb12bbe6bd996c0f)
Powered by SkillShield