Security Audit
slack-gif-creator
github.com/ComposioHQ/awesome-claude-skillsTrust Assessment
slack-gif-creator received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 0 critical, 6 high, 5 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned Python dependency version, Unpinned or Loosely Pinned Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit 27904475). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings12
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | slack-gif-creator/core/easing.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | slack-gif-creator/core/frame_composer.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | slack-gif-creator/core/gif_builder.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | slack-gif-creator/core/typography.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | slack-gif-creator/core/visual_effects.py:5 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | slack-gif-creator/templates/move.py:5 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | slack-gif-creator/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'imageio>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | slack-gif-creator/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'imageio-ffmpeg>=0.4.9' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | slack-gif-creator/requirements.txt:3 | |
| MEDIUM | Unpinned Python dependency version Requirement 'numpy>=1.24.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | slack-gif-creator/requirements.txt:4 | |
| MEDIUM | File System Write/Read Capabilities Require Orchestrator Path Validation The skill includes functionality to save generated GIFs (`GIFBuilder.save`) and read existing GIFs (`validators.check_slack_size`, `validators.validate_gif`). These operations involve writing to and reading from the file system using paths provided as arguments (`output_path`, `gif_path`). If the orchestrating LLM or calling environment does not strictly validate and constrain these paths to a designated, sandboxed directory, a malicious prompt could potentially instruct the skill to write to arbitrary locations on the file system (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) or read sensitive files, leading to data exfiltration or system compromise. This is a common interaction point requiring careful security design in the calling environment. The orchestrating LLM or calling environment must implement robust path validation and sandboxing for all file system operations. Ensure that `output_path` and `gif_path` arguments are strictly confined to a temporary, isolated, and non-sensitive directory. Avoid allowing user-controlled input to directly specify file paths without sanitization and validation against an allow-list or a secure sandbox. | Static | core/gif_builder.py:105 | |
| LOW | Unpinned or Loosely Pinned Dependencies The `requirements.txt` file specifies minimum versions for dependencies (e.g., `pillow>=10.0.0`) rather than exact versions (e.g., `pillow==10.0.0`). This can introduce supply chain risks as future, potentially vulnerable, versions of these packages could be installed without explicit review. While allowing for minor updates, it reduces reproducibility and increases the attack surface if a dependency introduces a vulnerability in a later patch. Pin all dependencies to exact versions (e.g., `pillow==10.0.0`) to ensure reproducible builds and prevent unexpected updates that might introduce vulnerabilities. Regularly review and update these pinned versions. | Static | requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/f043a3e095d5a649)
Powered by SkillShield