Security Audit
firmware-analyst
github.com/sickn33/antigravity-awesome-skills
Trust Assessment
firmware-analyst received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill requires elevated privileges and direct device access."
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill requires elevated privileges and direct device access. The skill provides instructions that involve executing commands requiring root privileges (`sudo chroot`, `apt install`) and direct access to system devices (`dd if=/dev/mtd0`). While these operations are necessary for comprehensive firmware analysis, they grant extensive control over the host system. An AI agent executing these commands in an unprivileged or poorly sandboxed environment could lead to significant system compromise if the agent is manipulated or the firmware being analyzed is malicious. Ensure the AI agent's execution environment is strictly sandboxed and isolated, with minimal necessary privileges. Consider using containerization (e.g., Docker, gVisor) or virtual machines for executing firmware analysis tasks. Implement strict input validation and sanitization for any user-provided data used in command construction to prevent command injection. | LLM | SKILL.md:10 |