Security Audit: robanderson/claude-my-skills:mockoon-cli/skills/mockoon-cli
Source: github.com/robanderson/claude-my-skills

Trust Assessment
robanderson/claude-my-skills:mockoon-cli/skills/mockoon-cli received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Potential Data Exfiltration via Log Access, Command Injection Risk via Unsanitized User Input, and Credential Exposure in Transaction Logs.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 9961c562). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)

| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential Data Exfiltration via Log Access | The skill demonstrates how to use Mockoon CLI to proxy API traffic and log all requests and responses. These logs can contain sensitive information such as request bodies, headers (including Authorization tokens), and URLs. The skill explicitly provides `curl` commands to retrieve these logs via the Mockoon Admin API (e.g., `curl http://localhost:3000/mockoon-admin/logs`). If an agent executes this command and subsequently processes or transmits the retrieved logs without proper redaction or security controls, it could lead to the exfiltration of sensitive data. | Implement strict access controls for the Mockoon Admin API, especially in production environments (as suggested by `--disable-admin-api`). Ensure that any retrieved logs are thoroughly redacted or sanitized to remove sensitive information before being processed, stored, or displayed by the agent. Avoid exposing log retrieval endpoints to untrusted parties. | LLM | SKILL.md:150 |
| HIGH | Command Injection Risk via Unsanitized User Input | The skill provides numerous examples of `bash` commands that take file paths, URLs, and other parameters as arguments (e.g., `--data`, `--port`, `--proxyHost`). If an LLM agent constructs these commands by directly embedding untrusted user input without robust sanitization or validation, a malicious user could provide specially crafted input to break out of the argument context and execute arbitrary shell commands. For example, a user could provide a filename like `'; rm -rf /; #`. | Implement robust input validation and sanitization for all user-provided arguments before constructing and executing shell commands. Use parameterized execution methods where available, or strictly whitelist allowed characters and patterns for file paths, URLs, and other command-line arguments. Avoid direct concatenation of untrusted input into shell commands. | LLM | SKILL.md:130 |
| HIGH | Credential Exposure in Transaction Logs | The skill's primary function involves proxying and logging API traffic. The example log structure explicitly shows `authorization: "Bearer token123"` within the request headers. While the skill advises against committing API keys, the very nature of logging API interactions means that sensitive credentials (like API keys, bearer tokens, or session cookies) will be captured in the transaction logs. If these logs are accessed, stored, or processed by an agent without proper redaction, it could lead to the exposure or harvesting of credentials. | Implement automatic redaction or masking of sensitive fields (e.g., `Authorization` headers, specific body fields) within the Mockoon configuration or during log processing. Ensure that log files and the Mockoon Admin API are secured with strict access controls and are not accessible to unauthorized users or systems. Consider using environment variables for sensitive data and ensuring they are not inadvertently logged. | LLM | SKILL.md:305 |
| MEDIUM | Excessive Permissions Required for Skill Execution | The skill describes actions that require significant system permissions, including global package installation (`npm install -g`), binding to network ports (e.g., 3000), reading and writing local files (configuration files, log files), and proxying network traffic to arbitrary external hosts. If an agent is granted broad permissions to execute arbitrary shell commands, this skill could be leveraged to perform actions beyond its intended scope, such as unauthorized filesystem access, network scanning, or data exfiltration. | Adhere to the principle of least privilege. Run the agent and its executed commands within a sandboxed or containerized environment with minimal necessary filesystem and network access. Avoid global `npm install` in production or automated environments; prefer local installations or pre-built images. Restrict outbound network access to only necessary endpoints. | LLM | SKILL.md:40 |
| MEDIUM | Unpinned Dependency in Installation Instructions | The installation instructions `npm install -g @mockoon/cli` do not specify a version for the `@mockoon/cli` package. This means that executing this command will install the latest available version. If a malicious or vulnerable version of `@mockoon/cli` were to be published to the npm registry, it could be automatically installed, introducing a supply chain vulnerability and potentially leading to arbitrary code execution or other security compromises. | Always pin dependency versions in installation instructions (e.g., `npm install -g @mockoon/cli@1.2.3`) to ensure reproducible and secure installations. For project-specific dependencies, use a `package-lock.json` file to lock down versions. Regularly audit and update dependencies to known secure versions. | LLM | SKILL.md:40 |
Full report: [https://skillshield.io/report/65c9dc72b698e72a](https://skillshield.io/report/65c9dc72b698e72a)
Powered by SkillShield