Security Audit
environment-setup-guide
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
environment-setup-guide received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 18 findings: 10 critical, 1 high, 6 medium, and 1 low severity. Key findings include "Persistence / self-modification instructions", "Network egress to untrusted endpoints", and "Sensitive environment variable access: $USER".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (18)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/environment-setup-guide/SKILL.md:52 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/environment-setup-guide/SKILL.md:153 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/environment-setup-guide/SKILL.md:160 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/environment-setup-guide/SKILL.md:161 |
| CRITICAL | Persistence / self-modification instructions: Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/environment-setup-guide/SKILL.md:386 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/environment-setup-guide/SKILL.md:238 |
| CRITICAL | Unverified script execution for Homebrew installation. The skill suggests installing Homebrew by piping the output of `curl` directly into `bash`. This executes an arbitrary script downloaded from the internet without prior review, posing a significant supply chain risk. If the GitHub repository or the script itself were compromised, it could lead to arbitrary code execution with the user's privileges. Recommend downloading the script, reviewing it, and then executing it, or using a package manager's official repository if available. Alternatively, provide a link to the official installation instructions and advise users to follow them carefully. | LLM | SKILL.md:67 |
| CRITICAL | Unverified script execution with root privileges for Node.js installation. The skill suggests installing Node.js on Linux by piping the output of `curl` from `deb.nodesource.com` directly into `sudo -E bash -`. This executes an arbitrary script downloaded from the internet with root privileges, posing a critical supply chain risk. A compromise of `deb.nodesource.com` could lead to full system compromise. Advise against piping `curl` output directly to `sudo bash`. Instead, recommend adding the NodeSource repository key and repository manually, or using a version manager like `nvm` for safer installation. | LLM | SKILL.md:77 |
| CRITICAL | Unverified script execution with PowerShell for Chocolatey installation. The skill suggests installing Chocolatey on Windows using `iex ((New-Object System.Net.WebClient).DownloadString(...))`, preceded by `Set-ExecutionPolicy Bypass`. This downloads and executes a PowerShell script from `community.chocolatey.org` directly, bypassing execution policies. This is a critical supply chain risk, as a compromise of the source could lead to arbitrary code execution. Advise against direct execution of downloaded scripts. Recommend downloading the script, reviewing it, and then executing it, or using alternative, more secure installation methods. | LLM | SKILL.md:87 |
| CRITICAL | Unverified script execution with root privileges for Docker installation. The skill suggests installing Docker on Linux by downloading a script via `curl` and then executing it with `sudo sh`. This executes an arbitrary script downloaded from the internet with root privileges, posing a critical supply chain risk. A compromise of `get.docker.com` could lead to full system compromise. Advise against piping `curl` output directly to `sudo sh`. Instead, recommend following Docker's official documentation for adding their repository and installing via `apt` or `yum`. | LLM | SKILL.md:160 |
| HIGH | User added to Docker group grants root-level access. The skill instructs adding the current user to the `docker` group (`sudo usermod -aG docker $USER`). While necessary for Docker operation without `sudo`, membership in the `docker` group effectively grants root-level access to the system, as containers can be run with arbitrary privileges and mount host file systems. This is a significant privilege escalation that users should be explicitly warned about. Add a prominent warning about the security implications of adding a user to the `docker` group, explaining that it grants root-equivalent privileges. Suggest alternative methods for managing Docker if root access is a concern (e.g., using `sudo` for Docker commands, or Docker Desktop for non-Linux systems). | LLM | SKILL.md:163 |
| MEDIUM | Sensitive environment variable access: $USER. Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/environment-setup-guide/SKILL.md:262 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/environment-setup-guide/SKILL.md:52 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/environment-setup-guide/SKILL.md:153 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/environment-setup-guide/SKILL.md:160 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/environment-setup-guide/SKILL.md:161 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/environment-setup-guide/SKILL.md:386 |
| LOW | Hardcoded credentials in example environment variables and Docker Compose. The skill provides examples for `.env` files and `docker-compose.yml` that contain hardcoded sensitive information such as `API_KEY=your-api-key-here`, `SECRET_KEY=your-secret-key-here`, and `POSTGRES_PASSWORD=password`. While these are examples, they promote an insecure practice if users copy them directly without replacing the placeholders, potentially leading to credentials being committed to version control or used insecurely. Replace hardcoded sensitive values with clear placeholders like `API_KEY=<YOUR_API_KEY_HERE>` and add explicit warnings in the documentation that these values *must* be replaced with actual secrets and never committed to public repositories. | LLM | SKILL.md:109 |