Trust Assessment
turborepo-caching received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: Environment file, Path Traversal Vulnerability in Self-Hosted Cache Server.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 5d65aa10). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | plugins/developer-essentials/skills/turborepo-caching/SKILL.md:52 | |
| CRITICAL | Path Traversal Vulnerability in Self-Hosted Cache Server The provided Node.js Express server for a self-hosted Turborepo cache constructs file paths using unsanitized user input from `req.params.hash` and `req.query.teamId`. An attacker can inject path traversal sequences (e.g., `../`) into these parameters to read or write files outside the intended cache directory. This could lead to data exfiltration (e.g., reading `/etc/passwd`) or arbitrary file write (e.g., writing a malicious script). Sanitize or validate `hash` and `teamId` parameters to prevent path traversal. Ensure they only contain valid characters and do not include path separators. A common approach is to use a library like `sanitize-filename` or implement strict regex validation. Additionally, ensure the `CACHE_DIR` is isolated and has appropriate filesystem permissions. | Static | SKILL.md:124 | |
| CRITICAL | Missing Authentication/Authorization in Self-Hosted Cache Server The self-hosted cache server example in 'Template 4' does not implement any authentication or authorization mechanisms. This means any client can freely upload, download, or check the existence of cache artifacts without proving their identity or having appropriate permissions. This can lead to unauthorized access to build artifacts, data integrity issues (e.g., cache poisoning), and potential denial of service. Implement robust authentication and authorization for the self-hosted cache server. This could involve API keys, JWTs, or integrating with an existing identity provider. Ensure that only authorized users/services can interact with the cache endpoints. Turborepo's remote cache protocol supports signature verification, which should be enabled and enforced on the server side if `signature: true` is used in `turbo.json`. | Static | SKILL.md:115 | |
| HIGH | LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 3 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | LLM | (sanity check) | |
| MEDIUM | Sensitive path access: Environment file Access to Environment file path detected: '.env.local'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | plugins/developer-essentials/skills/turborepo-caching/SKILL.md:52 |
Scan History
Embed Code
[](https://skillshield.io/report/e9c648cefc29d7bc)
Powered by SkillShield