Trust Assessment
ai-seo received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Command Injection via Shell Commands in Skill Definition, Supply Chain Risk from Untrusted External Repository, and Potential Credential Exposure via Example Configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 81e7e0dd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via Shell Commands in Skill Definition: The skill's documentation includes shell commands (`git clone`, `pip install`, `python`) for setting up an MCP server. In a `claude_code` ecosystem, if the agent's runtime environment allows direct execution of these commands from the skill's markdown, it could lead to arbitrary command execution on the host system. This allows the skill to perform actions outside its intended scope, potentially compromising the environment. Skills should not contain direct shell commands intended for agent execution without explicit, sandboxed tool calls. If these commands are purely for user instruction, they should be clearly marked as such and presented in a way that the agent cannot misinterpret as executable instructions. Ideally, agent setup should use predefined, sandboxed tools or a secure configuration mechanism. | Static | SKILL.md:100 |
| HIGH | Supply Chain Risk from Untrusted External Repository: The skill instructs the agent (or user) to clone an external, untrusted GitHub repository (`https://github.com/AminForou/mcp-gsc`) and install its dependencies (`pip install -r requirements.txt`). This introduces a significant supply chain risk. The content of this repository, including the `server.py` script and its `requirements.txt` dependencies, is not controlled by the skill author and could contain malicious code. If executed, this malicious code could compromise the agent's environment or exfiltrate data. Avoid instructing the agent to clone and execute code from untrusted external repositories. If external code is absolutely necessary, it should be vendored, thoroughly reviewed for security vulnerabilities, and its dependencies explicitly managed and pinned to specific, known-good versions to prevent dependency confusion or malicious package updates. | Static | SKILL.md:100 |
| INFO | Potential Credential Exposure via Example Configuration: The skill provides an example of how to configure DataForSEO credentials using an environment variable (`$DATAFORSEO_BASE64_CREDENTIALS`). While the example includes an explicit warning (`# Use env var or secret manager for credentials; never paste real keys into prompts or code.`), the presence of the credential passing mechanism in the skill's documentation could, if the warning is ignored by a user, lead to accidental hardcoding or exposure of sensitive API keys in prompts or configuration files. Reinforce best practices for credential management. While the current warning is good, consider if the example could be made even more abstract (e.g., `YOUR_SECURE_CREDENTIAL_PLACEHOLDER`) or if the documentation could further emphasize the use of a secure secrets management system integrated with the agent's environment. | Static | SKILL.md:94 |