black-fortress@1.1.10

github.com/clawhub.ai/black-fortress
Verdict: Generally safe
0 critical · 1 high · 4 medium
Grade: B
Score: 75 / 100
$ skillox install black-fortress (Soon)

Why grade B?

score · 75 / 100

The current grade reflects 1 high-severity finding (any HIGH → B).

0 CRIT · 1 HIGH · 4 MED · 0 LOW
To reach a higher grade
  • Reach A (target score 95): resolve all 1 HIGH + 2 of 4 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-e5jtqmk4h9n5bn2vnlksqpam · Thu, 28 May 2026 16:35:07 GMT · 3ms

high
Sensitive filesystem path referenced
The skill references a path (`~/.docker/config.json`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.
rule: filesystem-overreach · line: 517 · CWE-552
515  ```bash
516  mkdir -p ~/.docker
517  echo '{"credsStore":"osxkeychain"}' > ~/.docker/config.json
     ^ sensitive path — credential-exfiltration vector
518  ```
519

med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 87 · CWE-78
85  - ❌ String literals >50 chars → truncated
86
87  **Any code that relies on hardcoded string-reflection** (e.g., `getattr(obj, "user_input")`, `eval()`, `exec()` with dynamic strings, `__name__` comparisons) **will intentionally break** under obfuscation.
    ^ spawns a subprocess outside declared capabilities
88
89  **This is not a bug. It is a security feature.** Code that depends on string reflection is inherently unsafe for sandboxed execution — it's a vector for prompt injection and dynamic behavior that defeats behavioral auditing. If your code breaks under obfuscation, it should not be trusted.

med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 144 · CWE-78
142  |---|---|---|
143  | Python 3.11 interpreter | ✅ | — |
144  | `/bin/sh` / `/bin/bash` | ❌ | No reverse shell, no `os.system()` |
     ^ spawns a subprocess outside declared capabilities
145  | `apt` / `dpkg` | ❌ | No package install, no persistence |
146  | `pip` | ❌ | No dependency injection |

med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-execution · line: 217 · CWE-78
215  **The Problem:** `microvm_orchestrator.py` used `shell=True` with f-string interpolation for Docker commands. If a source directory path contained shell metacharacters (`;`, `|`, `$()`), this was a command injection vector.
216
217  **The Fix:** Docker commands are now built as **argument lists** (no shell interpretation). `subprocess.run(cmd)` with a list never invokes `/bin/sh`, so path metacharacters are treated as literal characters.
     ^ spawns a subprocess outside declared capabilities
218
219  **Also Fixed:** `microvm_orchestrator.py` now passes `env=SANDBOX_ENV` to both Docker and Firecracker subprocess calls — matching the environment scrubbing in `black_fortress.py`.

med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/c/black-fortress