Trust Assessment
bioservices received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, and Arbitrary File Write via User-Controlled Output Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Write via User-Controlled Output Paths. The script `batch_id_converter.py` allows writing to an arbitrary file path specified by the `--output` command-line argument. An attacker could exploit this by injecting a malicious path (e.g., `/etc/passwd`, `/var/www/html/`) when instructing the agent to execute this script. This could lead to data corruption, denial of service (by filling disk space), or data exfiltration (by writing sensitive information to publicly accessible locations). Implement strict validation for output file/directory paths, restricting them to a designated safe directory or requiring explicit user confirmation for sensitive locations. Consider using a sandboxed environment for script execution or limiting the agent's ability to specify arbitrary file paths for output. | LLM | scripts/batch_id_converter.py:169 |
| HIGH | Arbitrary File Write via User-Controlled Output Paths. The script `compound_cross_reference.py` allows writing to an arbitrary file path specified by the `--output` command-line argument. An attacker could exploit this by injecting a malicious path (e.g., `/etc/passwd`, `/var/www/html/`) when instructing the agent to execute this script. This could lead to data corruption, denial of service (by filling disk space), or data exfiltration (by writing sensitive information to publicly accessible locations). Implement strict validation for output file/directory paths, restricting them to a designated safe directory or requiring explicit user confirmation for sensitive locations. Consider using a sandboxed environment for script execution or limiting the agent's ability to specify arbitrary file paths for output. | LLM | scripts/compound_cross_reference.py:223 |
| HIGH | Arbitrary File Write via User-Controlled Output Paths. The script `pathway_analysis.py` allows writing to an arbitrary output directory specified by the `OUTPUT_DIR` command-line argument, and also creates subdirectories within it. An attacker could exploit this by injecting a malicious path (e.g., `/etc/`, `/var/www/html/`) when instructing the agent to execute this script. This could lead to data corruption, denial of service (by filling disk space), or data exfiltration (by writing sensitive information to publicly accessible locations). Implement strict validation for output file/directory paths, restricting them to a designated safe directory or requiring explicit user confirmation for sensitive locations. Consider using a sandboxed environment for script execution or limiting the agent's ability to specify arbitrary file paths for output. | LLM | scripts/pathway_analysis.py:128 |
| MEDIUM | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| LOW | Covert behavior / concealment directives. Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |