agent-v3-security-architect

github.com/ruvnet/ruflo
Verdict: Generally safe
0 critical1 high5 medium
B
SCORE 75 / 100
$skillox install agent-v3-security-architectSoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.

Why grade B?

score · 75 / 100

The current grade reflects 1 high-severity finding (any HIGH → B).

0 CRIT1 HIGH5 MED0 LOW
To reach a higher grade
  • A
    Reach Atarget score 95

    Resolve all 1 HIGH + 3 of 5 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-rz2cs39ezc0le7kilm12aqa0 · Thu, 28 May 2026 17:35:48 GMT · 1ms

high
Shell-injection vector: child_process exec/spawn with template literal
The skill constructs a shell command by interpolating into a string passed to an exec-family function (`child_process exec/spawn with template literal`). If the interpolated value comes from agent context or user input, this is direct command injection. Use parameterized APIs (`spawn` with an arg-array, `subprocess.run([...])` without `shell=True`).
rule: shell-injection-templateline: 140CWE-78
138
139// ❌ Dangerous: shell injection possible
140// exec(`git ${userInput}`, { shell: true });child_process exec/spawn with template literal — use a parameterized API instead
141
142// ✅ Safe: no shell interpretation
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 75CWE-78
73
74### **HIGH-1: Command Injection**
75- **Issue**: shell:true in spawn() callsspawns a subprocess outside declared capabilities
76- **Action**: Use execFile without shell
77- **Files**: Multiple spawn() locations
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 77CWE-78
75- **Issue**: shell:true in spawn() calls
76- **Action**: Use execFile without shell
77- **Files**: Multiple spawn() locationsspawns a subprocess outside declared capabilities
78- **Timeline**: Phase 1 Week 2
79
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 137CWE-78
135```typescript
136// Safe command execution
137import { execFile } from 'child_process';spawns a subprocess outside declared capabilities
138
139// ❌ Dangerous: shell injection possible
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 140CWE-78
138
139// ❌ Dangerous: shell injection possible
140// exec(`git ${userInput}`, { shell: true });spawns a subprocess outside declared capabilities
141
142// ✅ Safe: no shell interpretation
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
View latest scan →
skillox.io/c/agent-v3-security-architect