Trust Assessment
slack-gif-creator received a trust score of 31/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 0 critical, 1 high, 8 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned Python dependency version, Arbitrary File Read/Existence Check via User-Controlled Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 1ed29a03). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Write via User-Controlled Output Path The `save` method in `core/gif_builder.py` accepts an `output_path` parameter, which is then used to write the generated GIF to the filesystem (implied by `imageio.v3` import and method description). If an attacker can control the `output_path` argument, they could specify arbitrary file paths, potentially overwriting critical system files (e.g., `/etc/passwd`, `/root/.bashrc`), leading to denial of service, data corruption, or even remote code execution if combined with other vulnerabilities (e.g., writing to a startup script location). Implement strict input validation and sanitization for `output_path`. Only allow paths within a designated, sandboxed temporary directory. Do not allow path traversal sequences (`../`). The agent framework should enforce a secure file saving mechanism, possibly by providing a pre-validated file handle or a restricted output directory, rather than allowing direct user-controlled paths. | LLM | core/gif_builder.py:167 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/slack-gif-creator/core/easing.py:5 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/slack-gif-creator/core/frame_composer.py:5 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/slack-gif-creator/core/gif_builder.py:5 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'imageio>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'imageio-ffmpeg>=0.4.9' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:3 | |
| MEDIUM | Unpinned Python dependency version Requirement 'numpy>=1.24.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/slack-gif-creator/requirements.txt:4 | |
| MEDIUM | Arbitrary File Read/Existence Check via User-Controlled Path The `validate_gif` and `is_slack_ready` functions in `core/validators.py` accept a `gif_path` parameter and directly use it to check file existence (`Path(gif_path).exists()`) and open the file (`Image.open(gif_path)`). If an attacker can control the `gif_path` argument, they could perform path traversal attacks (e.g., `../../../../etc/passwd`) to check for the existence of arbitrary files on the system. Additionally, attempting to open non-GIF system files could trigger error messages that reveal information about the file system structure, permissions, or the nature of files at specific paths, leading to information disclosure. Implement strict input validation and sanitization for `gif_path`. Only allow paths within a designated, sandboxed temporary directory. Do not allow path traversal sequences (`../`). If the file is user-uploaded, the agent framework should provide a secure, temporary file path or a file handle, rather than allowing direct user-controlled paths. | LLM | core/validators.py:23 |
Scan History
Embed Code
[](https://skillshield.io/report/782267958d1e7fb4)
Powered by SkillShield