Trust Assessment
xmtp-cli-permissions received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via CLI arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via CLI arguments: The skill describes executing `xmtp` CLI commands with arguments such as `--group-id`, `--features`, and `--permissions`. If an AI agent constructs these commands by directly interpolating untrusted user input into these arguments without proper sanitization (e.g., shell escaping), it could lead to arbitrary command execution. An attacker could inject malicious commands by providing specially crafted input for these parameters, potentially compromising the underlying system or escalating privileges within the XMTP group management. Implement robust input validation and shell escaping for all user-provided arguments before constructing and executing CLI commands. When using `subprocess` in Python, prefer passing arguments as a list (e.g., `subprocess.run(['xmtp', 'permissions', 'list', '--group-id', user_input_id])`) and avoid `shell=True` to prevent shell injection. Ensure all user-controlled variables are properly sanitized or quoted if shell execution is unavoidable. | LLM | SKILL.md:20 |