Trust Assessment
xmtp-cli-send received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via CLI arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via CLI arguments. The skill describes the use of the `xmtp` CLI tool, which takes arguments such as `--message`, `--target`, and `--group-id`. If an LLM agent constructs these commands by directly embedding untrusted user input into these arguments without proper sanitization or shell escaping, it could lead to command injection. An attacker could craft malicious input (e.g., `'; rm -rf /'`) to execute arbitrary shell commands on the host system. This is a common vulnerability when external commands are executed with user-controlled input. Remediation: ensure all user-provided inputs intended for shell command arguments (e.g., `--message`, `--target`, `--group-id`) are strictly validated and properly escaped for the shell context before execution. Prefer using a safe command execution mechanism (e.g., `subprocess.run` with `shell=False` and passing arguments as a list) over constructing a single shell string. | LLM | SKILL.md:20 |