Security Audit
daily-news-report
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
daily-news-report received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings include Unsanitized Bash commands with wildcards, Unconstrained Read and Write file system permissions, Unconstrained Chrome DevTools access with data exfiltration capability.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsanitized Bash commands with wildcards: The skill declares `Bash(mkdir*)`, `Bash(date*)`, and `Bash(ls*)` permissions. The wildcard `*` allows arbitrary arguments to be passed to these commands. If any part of these commands (e.g., directory names for `mkdir`, arguments for `date` or `ls`) is derived from untrusted input (such as the `date` argument hint in the manifest or scraped content), it creates a direct command injection vulnerability. An attacker could inject malicious shell commands, leading to arbitrary code execution. Restrict Bash commands to exact commands without wildcards (e.g., `Bash(mkdir)`, `Bash(date)`, `Bash(ls)`) and ensure all arguments passed to Bash commands are strictly validated and sanitized, especially if derived from user input or external sources. For directory creation, consider using a tool that creates directories safely without shell execution. | LLM | SKILL.md |
| HIGH | Unconstrained Read and Write file system permissions: The skill declares `Read` and `Write` permissions without any path constraints. This allows the skill to read from and write to any file or directory accessible to the agent. This poses a significant risk for data exfiltration (reading sensitive files like `/etc/passwd`, `~/.ssh/id_rsa`) and data integrity (overwriting critical system files or injecting malicious code). While the skill describes reading specific JSON files and writing to a `NewsReport/` directory, the granted permissions are far broader than necessary. Restrict `Read` and `Write` permissions to specific, necessary file paths or directories (e.g., `Read(sources.json, cache.json)`, `Write(NewsReport/*, cache.json)`). Avoid granting broad file system access unless absolutely critical and thoroughly justified. | LLM | SKILL.md |
| HIGH | Unconstrained Chrome DevTools access with data exfiltration capability: The skill declares `mcp__chrome-devtools__*` permission, granting full access to the Chrome DevTools protocol. This is an extremely powerful capability. While the skill describes using it for legitimate web scraping (`new_page`, `wait_for`, `take_snapshot`, `close_page`), the wildcard `*` means any DevTools command can be executed. The `take_snapshot` command, explicitly mentioned, can capture the entire DOM of a webpage, including potentially sensitive information. This poses a high risk for data exfiltration if the agent is directed to visit or scrape sensitive internal pages, or if an attacker can manipulate the URLs visited. Restrict `mcp__chrome-devtools__` permissions to only the specific commands required (e.g., `mcp__chrome-devtools__new_page`, `mcp__chrome-devtools__wait_for`, `mcp__chrome-devtools__take_snapshot`, `mcp__chrome-devtools__close_page`). Implement strict validation and sanitization of URLs passed to browser automation tools. Ensure that `take_snapshot` output is handled securely and only necessary data is extracted. | LLM | SKILL.md:109 |