Trust Assessment
specstory-guard received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 6 high, 0 medium, and 0 low severity. Key findings include Malicious install hooks, Arbitrary command execution, Hardcoded Bearer Token detected.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9454d3f2). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Malicious install hooks Python setup.py with suspicious imports Review all lifecycle scripts carefully. Remove install hooks that make network requests, execute shell commands, or access environment variables. Use --ignore-scripts for npm installs when possible. | Manifest | skills/specstory-guard/scripts/setup.py:18 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/specstory-guard/scripts/guard.py:20 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/specstory-guard/scripts/setup.py:32 | |
| HIGH | Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/specstory-guard/SKILL.md:70 | |
| HIGH | Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/specstory-guard/SKILL.md:80 | |
| HIGH | Dangerous call: subprocess.call() Call to 'subprocess.call()' detected in function 'run_python'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/specstory-guard/scripts/guard.py:20 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'repo_root'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/specstory-guard/scripts/setup.py:32 | |
| HIGH | Regular Expression Denial of Service (ReDoS) via user-provided allowlist The `scan.py` script allows users to provide custom regular expression patterns via the `SPECSTORY_GUARD_ALLOWLIST` environment variable. These patterns are compiled using `re.compile()` and then used to search text. A malicious or poorly constructed regex pattern (e.g., one with catastrophic backtracking) could consume excessive CPU resources, leading to a denial of service for the agent or the system running the scan. This is a direct risk when processing untrusted input as regex. Implement robust validation for user-provided regular expressions to prevent catastrophic backtracking patterns. Consider using a regex library that offers better ReDoS protection or limiting the complexity of allowed patterns. Alternatively, provide a curated list of safe patterns and disallow arbitrary user-defined regex. | Static | scripts/scan.py:100 | |
| HIGH | LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 3 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | LLM | (sanity check) |
Scan History
Embed Code
[](https://skillshield.io/report/2a7d84014fa950d2)
Powered by SkillShield