Security Audit

busybox-on-windows

github.com/sickn33/antigravity-awesome-skills

AI SkillCommit e36d6fd3b3f6

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

busybox-on-windows received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Execution of unverified external binary via Invoke-WebRequest, Gathering and potential exfiltration of system information.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.

Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

63%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Execution of unverified external binary via Invoke-WebRequest The skill explicitly instructs an AI agent to download an executable (`busybox.exe`) from an external, unverified URL (`https://frippery.org/`) using `Invoke-WebRequest`. This download lacks any integrity verification (e.g., checksums, digital signatures), introducing a significant supply chain risk. Subsequently, the skill instructs the execution of this downloaded binary (`busybox.exe`). If an AI agent automatically executes code snippets from skills, this allows for arbitrary code execution from a potentially malicious or compromised external source, leading to full system compromise. Avoid downloading and executing executables from unverified external sources. If external binaries are absolutely necessary, host them in a controlled, trusted environment, and always provide cryptographic hashes (e.g., SHA256) or digital signatures for integrity verification. Implement strict sandboxing for any code execution.	LLM	SKILL.md:12
MEDIUM	Gathering and potential exfiltration of system information The skill includes PowerShell commands (`Get-CimInstance`, `Get-ItemProperty`) that gather system information such as CPU details and OS version. If an AI agent executes these commands and its output is not properly sanitized or restricted, this information could be exfiltrated to an external party. While the information itself might not be highly sensitive, it contributes to system fingerprinting and could be used for targeted attacks. Avoid instructing agents to gather system-specific information unless strictly necessary and with clear user consent. Ensure agent output channels are secure and data exfiltration policies are in place to prevent sensitive information from leaving the trusted environment.	LLM	SKILL.md:9

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/6fffd495c63e112a.svg)](https://skillshield.io/report/6fffd495c63e112a)