Security Audit
slack-gif-creator
github.com/ComposioHQ/awesome-codex-skills
Trust Assessment
slack-gif-creator received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 1 high, 5 medium, and 0 low severity. The high-severity finding is a potential arbitrary file write via `GIFBuilder.save`; the medium findings are four unpinned Python dependency versions in `requirements.txt` and a potential arbitrary file read via `Image.open`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 16, 2026 (commit ccf6204f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Arbitrary File Write via GIFBuilder.save. `GIFBuilder.save()` in `core/gif_builder.py` writes the generated GIF to `output_path` with `imageio.imwrite` and does not constrain that path. If `output_path` is taken from untrusted input, the caller can direct the write to any location the process is allowed to write: at minimum this corrupts data or causes denial of service, and overwriting a file that is executed at startup (for example `/etc/profile`, if the agent's execution context can write there) turns the write into code execution. The blast radius is bounded only by the process's filesystem permissions. Remediation: resolve `output_path` against a dedicated, regularly cleared work directory and reject any result that falls outside it (this catches `../` sequences as well as absolute paths and symlinks), and run the skill with minimal write permissions so sensitive system locations are unreachable even if the check fails. | Static | core/gif_builder.py:200 |
| MEDIUM | Unpinned Python dependency version. `pillow>=10.0.0` is a lower bound, not a pin: each install resolves to whatever newest release is published, so a compromised or broken future release is pulled in automatically. Pin with `pillow==<exact version>` and, where the installer supports it, verify the downloaded artifact against a recorded hash. | Dependencies | slack-gif-creator/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version. `imageio>=2.31.0` is a lower bound, not a pin. Pin with `imageio==<exact version>`. | Dependencies | slack-gif-creator/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version. `imageio-ffmpeg>=0.4.9` is a lower bound, not a pin; this package also bundles a native ffmpeg binary, so an unpinned upgrade changes native code, not just Python. Pin with `imageio-ffmpeg==<exact version>`. | Dependencies | slack-gif-creator/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version. `numpy>=1.24.0` is a lower bound, not a pin. Pin with `numpy==<exact version>`. | Dependencies | slack-gif-creator/requirements.txt:4 |
| MEDIUM | Potential Arbitrary File Read via Image.open. `core/validators.py` opens GIF files with `PIL.Image.open()`. If the `gif_path` passed to `check_slack_size` or `validate_gif` is derived from untrusted input, the caller can point it at any file the process can read (for example `/etc/passwd`). PIL may refuse to parse such a file, but the preceding `Path.exists()` and `Path.stat().st_size` calls still confirm that it exists and disclose its size, a limited information leak that can be used as an oracle. A crafted image can also target parser bugs in Pillow itself, leading to denial of service or, in the worst case, code execution. Remediation: confine `gif_path` to the skill's work directory and check that it is a regular file carrying a GIF signature before opening it; keep Pillow up to date, leave its decompression-bomb limit enabled, and consider sandboxing the image processing so a decoder bug cannot reach other files or system resources. | Static | core/validators.py:60 |
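The two Static findings share one root cause: a path from the caller reaches `imageio.imwrite` or `PIL.Image.open` unconstrained. As an added example (not code from the slack-gif-creator skill or from SkillShield), the following Python confines both the write target and the read source to a single work directory. The work directory, the `.gif`-only rule, the size ceiling and the function names are assumptions for illustration. The key design point is that `confine_path` resolves both the base and the candidate (following symlinks) before the containment check, so `../` sequences, absolute paths and a symlink planted inside the work directory are all rejected by the same comparison rather than by pattern-matching the string.

```python
# Added example, not code from slack-gif-creator or SkillShield: confine the
# paths that GIFBuilder.save() writes and validate_gif() reads to one work
# directory. Work directory, size ceiling and function names are assumptions.
import os
import tempfile
from pathlib import Path

GIF_MAGIC = (b"GIF87a", b"GIF89a")
MAX_GIF_BYTES = 50 * 1024 * 1024  # assumed ceiling, checked before any decoder runs


def confine_path(base_dir, user_path: str) -> Path:
    """Resolve user_path under base_dir and reject anything that ends up outside it.

    Both sides are resolved (symlinks followed) before the containment check, so
    '../' sequences, absolute paths and a symlink planted inside the work directory
    that points elsewhere are all rejected, not just a literal '../' substring.
    """
    base = Path(base_dir).resolve()
    # pathlib discards `base` when user_path is absolute; relative_to() catches that.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"{user_path!r} escapes {base}") from None
    if candidate == base:
        raise ValueError("path names the work directory itself")
    return candidate


def safe_output_path(base_dir, user_path: str) -> Path:
    """Where a save() may write: a .gif directly inside base_dir, no subdirectories."""
    out = confine_path(base_dir, user_path)
    if out.suffix.lower() != ".gif" or out.parent != Path(base_dir).resolve():
        raise ValueError("output must be a .gif directly inside the work directory")
    return out


def safe_gif_input(base_dir, user_path: str) -> Path:
    """Where a validator may read: confined, a regular file, size-capped and
    carrying a GIF signature, all checked before any image library touches it."""
    src = confine_path(base_dir, user_path)
    if not src.is_file():
        raise ValueError(f"{user_path!r} is not a regular file")
    size = src.stat().st_size
    if size > MAX_GIF_BYTES:
        raise ValueError(f"{size} bytes exceeds the {MAX_GIF_BYTES} byte ceiling")
    with src.open("rb") as fh:
        if fh.read(6) not in GIF_MAGIC:
            raise ValueError("file does not start with a GIF signature")
    return src


def demo() -> dict:
    """Run the checks over a constructed work directory; returns a verdict per case."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as work:
        Path(work, "ok.gif").write_bytes(b"GIF89a" + b"\x00" * 16)  # constructed GIF stub
        Path(work, "png.gif").write_bytes(b"\x89PNG\r\n\x1a\n")     # wrong format, right suffix
        try:
            os.symlink("/etc/passwd", Path(work, "link.gif"))        # planted symlink
        except OSError:
            pass  # platform without symlink support: case still rejected as not a file
        write_cases = {"write_ok": "out.gif", "write_traversal": "../../etc/profile",
                       "write_absolute": "/etc/profile", "write_subdir": "sub/out.gif",
                       "write_ext": "out.sh"}
        read_cases = {"read_ok": "ok.gif", "read_traversal": "../../etc/passwd",
                      "read_not_gif": "png.gif", "read_symlink": "link.gif"}
        for label, path in write_cases.items():
            try:
                safe_output_path(work, path)
                verdicts[label] = "allowed"
            except ValueError:
                verdicts[label] = "rejected"
        for label, path in read_cases.items():
            try:
                safe_gif_input(work, path)
                verdicts[label] = "allowed"
            except ValueError:
                verdicts[label] = "rejected"
    return verdicts


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} {verdict}")
```

The confinement check only reduces the reachable filesystem; it does not remove the second risk in the `Image.open` finding, a decoder bug triggered by a crafted file. For that, keep Pillow current, leave `Image.MAX_IMAGE_PIXELS` at its default rather than setting it to `None`, and run the decode in a process with no more filesystem access than the work directory.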
Full report: https://skillshield.io/report/1e2b7ff02ea92d7e
Powered by SkillShield