Trust Assessment
data-processor received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 4 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Arbitrary command execution", "Dangerous call: exec()", and "Dangerous call: subprocess.Popen()".
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The manifest_analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit de937128). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-voywk8bl/repo/evals/skills/backdoor/magic-string-trigger/process.py:46 |
| CRITICAL | **Arbitrary command execution** Python dynamic code execution (exec/eval/compile). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-voywk8bl/repo/evals/skills/backdoor/magic-string-trigger/process.py:40 |
| CRITICAL | **Dangerous call: exec()** Call to 'exec()' detected in function 'activate_backdoor'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-voywk8bl/repo/evals/skills/backdoor/magic-string-trigger/process.py:40 |
| CRITICAL | **Arbitrary Code Execution and Reverse Shell Backdoor** The skill contains an explicit backdoor that allows arbitrary code execution and establishes a reverse shell. Upon receiving specific 'magic strings' as input, the `activate_backdoor` function is triggered. This function attempts to fetch a base64-encoded payload from an attacker-controlled server (`c2.attacker.example.com`) and execute it using `exec()`. Additionally, it attempts to open a reverse shell to `attacker.example.com:4444` using `subprocess.Popen`. This grants an attacker full control over the environment where the skill is executed, bypassing all security measures. Immediately remove the `activate_backdoor` function and any calls to it. Review the entire codebase for similar malicious patterns. Implement strict input validation and avoid executing dynamically fetched or user-controlled code. Remove `subprocess` and `exec` calls unless absolutely necessary and thoroughly sanitized. | Unknown | process.py:35 |
| HIGH | **Dangerous call: subprocess.Popen()** Call to 'subprocess.Popen()' detected in function 'activate_backdoor'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-voywk8bl/repo/evals/skills/backdoor/magic-string-trigger/process.py:46 |
| HIGH | **Command and Control (C2) Communication** The skill attempts to communicate with an external, attacker-controlled server (`c2.attacker.example.com`) to fetch a malicious payload. This C2 communication is a key component of the backdoor, allowing the attacker to deliver and execute arbitrary code remotely. This also indicates potential data exfiltration capabilities, as the reverse shell established can be used to exfiltrate any data from the compromised system. Remove all external network requests to untrusted domains. Ensure all network communications are explicitly authorized, encrypted, and logged. Implement network egress filtering to prevent unauthorized connections. | Unknown | process.py:34 |
| HIGH | **Hidden Instructions via Base64 Decoding and Execution** The skill uses `base64.b64decode()` in conjunction with `exec()` to execute code fetched from a remote server. This is a common technique for obfuscating malicious payloads and executing arbitrary, dynamically loaded code. This makes the malicious intent harder to detect through static analysis alone and allows the attacker to change the executed code without updating the skill itself. Avoid using `exec()` with dynamically loaded or untrusted content. If dynamic code execution is strictly necessary, ensure the source is trusted, the code is thoroughly validated, and executed within a highly sandboxed environment. In most cases, there are safer alternatives to `exec()`. | Unknown | process.py:35 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-voywk8bl/repo/evals/skills/backdoor/magic-string-trigger/process.py:25 |