Trust Assessment
bash-linux received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions Declared, Potential Data Exfiltration via Bash Commands, Bash Command Injection Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Excessive Permissions Declared The skill declares highly privileged permissions including `Bash`, `Write`, `Edit`, `Read`, `Glob`, and `Grep`. The `Bash` permission allows arbitrary command execution, while `Write` and `Edit` enable modification of any accessible files. This combination grants the AI agent extensive control over the host system, posing a significant security risk if exploited. Review and strictly limit the declared permissions to the absolute minimum required for the skill's intended function. Implement robust sandboxing or containerization for skill execution environments to mitigate the impact of potential exploits. | LLM | SKILL.md:1 | |
| HIGH | Potential Data Exfiltration via Bash Commands The skill includes examples for viewing environment variables (`env`, `printenv`) and making network requests (`curl`). With the declared `Bash` and `Read` permissions, an attacker could prompt the AI agent to use these commands with untrusted input, coercing it into exfiltrating sensitive data (e.g., API keys in environment variables, file contents) to an attacker-controlled server. Implement strict input validation and sanitization for any user-provided arguments to commands executed via this skill. Restrict network access for the agent if possible. Avoid storing sensitive credentials in environment variables accessible to the agent. | LLM | SKILL.md:70 | |
| HIGH | Bash Command Injection Risk The skill demonstrates powerful Bash patterns like command substitution (`$(...)` in `kill -9 $(lsof -t -i :3000)`) and direct string manipulation (`sed`). If the AI agent incorporates untrusted user input into these command structures, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. The `Bash` permission makes this a direct exploit path. Ensure all user-provided input is rigorously validated, sanitized, and ideally, passed as arguments to commands rather than directly interpolated into shell strings. Use safer alternatives like `find -exec` or scripting languages for complex operations involving user input. | LLM | SKILL.md:48 |
Scan History
Embed Code
[](https://skillshield.io/report/4c9719b70b9fbf3b)
Powered by SkillShield