Security Audit
database-migrations-migration-observability
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
database-migrations-migration-observability received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 0 medium, and 0 low severity. Key findings include Credential Harvesting via Grafana Token Exfiltration, Data Exfiltration via Slack Webhook URL Manipulation, Unauthorized Database Access/Data Exfiltration via Debezium Connector Configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Credential Harvesting via Grafana Token Exfiltration: The skill uses `self.config['grafana_token']` directly in an `Authorization` header for an HTTP POST request to `self.config['grafana_url']`. If the `grafana_url` and `grafana_token` are derived from untrusted user input (e.g., `$ARGUMENTS`), a malicious user could provide an attacker-controlled URL to exfiltrate the `grafana_token` to their server. The declared `WebFetch` permission allows this network request, posing a critical risk for credential harvesting. Ensure `grafana_url` and `grafana_token` are sourced from secure, validated environment variables or a secrets management system, not directly from untrusted user input (`$ARGUMENTS`). Implement strict validation and sanitization for any URL or credential-related configuration derived from user input. If user input must specify the Grafana instance, validate the URL against a whitelist of allowed domains. | LLM | SKILL.md:190 |
| HIGH | Data Exfiltration via Slack Webhook URL Manipulation: The skill uses `self.config['slack']['webhook_url']` directly to send alerts. If this `webhook_url` is derived from untrusted user input (e.g., `$ARGUMENTS`), a malicious user could provide an attacker-controlled webhook URL. This could lead to exfiltration of alert messages (which might contain sensitive migration data) or the webhook URL itself to an attacker's server. The declared `WebFetch` permission facilitates this data exfiltration. Ensure `slack.webhook_url` is sourced from secure, validated environment variables or a secrets management system, not directly from untrusted user input (`$ARGUMENTS`). Implement strict validation and sanitization for any URL derived from user input. If user input must specify the Slack webhook, validate the URL against a whitelist or ensure it's a known, secure endpoint. | LLM | SKILL.md:235 |
| HIGH | Unauthorized Database Access/Data Exfiltration via Debezium Connector Configuration: The `setup_debezium_connector` function constructs a Debezium connector configuration including sensitive database connection details (`hostname`, `port`, `dbname`) and sends it to `self.config['kafka_connect_url']`. If `source_config` and `kafka_connect_url` can be influenced by untrusted user input (`$ARGUMENTS`), a malicious user could provide arbitrary database connection details or an attacker-controlled Kafka Connect URL. This could lead to unauthorized connections to internal databases, exposure of internal network information, or data exfiltration if a malicious connector is successfully deployed. Ensure `source_config` and `kafka_connect_url` are sourced from secure, validated environment variables or a secrets management system, not directly from untrusted user input (`$ARGUMENTS`). Implement strict validation and sanitization for all database connection parameters and URLs derived from user input. Restrict the Kafka Connect instance's network access and database permissions to only necessary resources. | LLM | SKILL.md:120 |
| HIGH | Unauthorized MongoDB Access/Data Exfiltration via Connection String: The `ObservableAtlasMigration` class initializes a MongoDB client with a `connectionString`. If this `connectionString` is derived directly from untrusted user input (`$ARGUMENTS`) without validation, a malicious user could provide a connection string pointing to an attacker-controlled MongoDB instance. This could lead to data exfiltration if the migration process reads sensitive data, credential harvesting if connection errors expose credentials, or resource exhaustion/Denial of Service by connecting to a malicious endpoint. The declared `WebFetch` permission allows arbitrary network connections. Ensure `connectionString` is sourced from secure, validated environment variables or a secrets management system, not directly from untrusted user input (`$ARGUMENTS`). Implement strict validation and sanitization for the connection string, including whitelisting allowed hosts/ports if applicable. Restrict the skill's network access to only necessary MongoDB instances. | LLM | SKILL.md:20 |
| INFO | Excessive Permissions Declared: The skill declares broad permissions including `Read`, `Write`, `Edit`, `Bash`, and `WebFetch`. While `WebFetch` is used by the provided code snippets for network requests, the `Bash` and `Edit` permissions are not explicitly demonstrated as being used in the Python/JavaScript logic in a way that directly leads to an exploit within the skill's core functionality. However, these broad permissions increase the attack surface and potential impact if other vulnerabilities are present or if the skill generates code that leverages these permissions based on untrusted input. Review and reduce the declared permissions to the absolute minimum required for the skill's intended functionality. If `Bash` or `Edit` are not strictly necessary for the skill's core logic, they should be removed. If they are needed for generated code, ensure robust input validation and sanitization for any user-controlled data used in such operations. | LLM | Manifest:1 |