The skill allows arbitrary code execution via command injection, exposes
Claims to do
Cosense (Scrapbox): Get, search, create, and edit Cosense pages. Runs via the CLI.
Actually does
The skill executes the `scrapbox-cosense-mcp` CLI tool via Bash. This tool interacts with Cosense (Scrapbox) pages to perform operations such as getting, searching, listing, creating, inserting, and generating URLs. It requires `COSENSE_PROJECT_NAME` and potentially a sensitive `COSENSE_SID` (session ID) for authentication.
The skill grants the agent the ability to execute `scrapbox-cosense-mcp` with arbitrary arguments through the wildcard in `Bash(scrapbox-cosense-mcp *)`. This poses a critical risk of command injection if the executable does not sanitize inputs, potentially leading to arbitrary code execution on the host system.
allowed-tools: Bash(scrapbox-cosense-mcp *)
The skill requires the user to provide a `COSENSE_SID` (session ID), which is a sensitive credential. A compromised or manipulated agent could exfiltrate this session ID or use it to perform unauthorized actions on the user's Cosense account.
COSENSE_SID | Session ID (required for private projects and for create/insert/context operations)
The skill provides `create` and `insert` commands, allowing the agent to write arbitrary content to Cosense pages. This capability could be abused for data exfiltration (writing sensitive information to public pages) or for semantic manipulation (injecting false information).
scrapbox-cosense-mcp create <title> [--body=TEXT], scrapbox-cosense-mcp insert <title> --after=TEXT --text=TEXT
The `--project=NAME` argument allows the agent to specify or override the target Cosense project. This introduces a risk where a manipulated agent could be directed to access or modify data in an unintended or unauthorized project.
Common to all commands: ... --project=NAME specifies the project