Security Audit
vercel-labs/skills:skills/find-skills
github.com/vercel-labs/skills
Trust Assessment
vercel-labs/skills:skills/find-skills received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unsanitized user input in shell commands, Agent instructed to install arbitrary global packages from potentially untrusted sources.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on May 1, 2026 (commit 7c0a9af3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized user input in shell commands. The skill instructs the agent to construct and execute shell commands (`npx skills find [query]`, `npx skills add <package>`) where parts of the command (`[query]`, `<package>`, `<owner/repo@skill>`) are directly derived from user input. There are no explicit instructions for sanitizing or escaping this input, which creates a classic command injection vulnerability. A malicious user could inject shell metacharacters (e.g., `;`, `&&`, `|`, `` ` ``) to execute arbitrary commands on the host system. Recommendation: instruct the agent to strictly sanitize or escape all user-provided input before incorporating it into shell commands, for example by quoting arguments or using a library function designed for shell argument escaping, so that shell metacharacters are not interpreted. | Static | SKILL.md:57 |
| HIGH | Agent instructed to install arbitrary global packages from potentially untrusted sources. The skill explicitly instructs the agent to install packages globally (`npx skills add <owner/repo@skill> -g -y`) based on user input. While the skill includes verification steps (install count, source reputation, GitHub stars), these are not foolproof against sophisticated attacks, typosquatting, or compromised legitimate packages. Installing arbitrary packages, especially globally (`-g`), introduces a significant supply chain risk, as a malicious package could execute arbitrary code during installation or when used, potentially compromising the host system. The `-y` flag further bypasses confirmation prompts at the CLI level. Recommendation: 1. Restrict the agent to installing skills only from a pre-approved, trusted list of publishers or repositories. 2. Implement stricter, automated validation of skill packages before installation. 3. Avoid global installations (`-g`) unless absolutely necessary, preferring local or sandboxed installations. 4. Ensure the agent explicitly confirms with the user before executing *any* installation command, detailing the package name and source, and warning about the risks of installing packages from unknown sources. | Static | SKILL.md:99 |
Full report: https://skillshield.io/report/e855ff2f673580a3 (powered by SkillShield)