Security Audit
blip-2-vision-language
github.com/davila7/claude-code-templatesTrust Assessment
blip-2-vision-language received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 5 findings: 0 critical, 0 high, 1 medium, and 4 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Potential Arbitrary File Read via Image Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 | |
| LOW | Potential Arbitrary File Read via Image Path The skill demonstrates opening image files from local paths using `PIL.Image.open()`. If the `image_path` argument in the `ImageCaptioner.caption()` method is populated directly from untrusted user input without proper validation or sanitization, an attacker could potentially supply a path to an arbitrary file on the system, leading to unauthorized file disclosure or processing of sensitive data. While the provided examples use hardcoded or controlled paths, the capability exists. Implement robust input validation and sanitization for all file path arguments. Ensure that file paths provided by untrusted sources are restricted to an allowed directory (e.g., a sandbox or temporary upload folder) and do not allow directory traversal (e.g., '..', absolute paths outside the sandbox). Consider using a file picker or content ID system instead of raw file paths for user input. | Static | SKILL.md:300 | |
| LOW | Potential Arbitrary File Read via Image Path The skill demonstrates opening image files from local paths using `PIL.Image.open()`. If the `image_path` argument in the `VisualQA.set_image()` method is populated directly from untrusted user input without proper validation or sanitization, an attacker could potentially supply a path to an arbitrary file on the system, leading to unauthorized file disclosure or processing of sensitive data. While the provided examples use hardcoded or controlled paths, the capability exists. Implement robust input validation and sanitization for all file path arguments. Ensure that file paths provided by untrusted sources are restricted to an allowed directory (e.g., a sandbox or temporary upload folder) and do not allow directory traversal (e.g., '..', absolute paths outside the sandbox). Consider using a file picker or content ID system instead of raw file paths for user input. | Static | SKILL.md:339 | |
| LOW | Potential Arbitrary File Read via Image Path The skill demonstrates opening image files from local paths using `PIL.Image.open()`. If the `image_paths` argument in the `ImageSearchEngine.index_images()` method is populated directly from untrusted user input without proper validation or sanitization, an attacker could potentially supply paths to arbitrary files on the system, leading to unauthorized file disclosure or processing of sensitive data. While the provided examples use hardcoded or controlled paths, the capability exists. Implement robust input validation and sanitization for all file path arguments. Ensure that file paths provided by untrusted sources are restricted to an allowed directory (e.g., a sandbox or temporary upload folder) and do not allow directory traversal (e.g., '..', absolute paths outside the sandbox). Consider using a file picker or content ID system instead of raw file paths for user input. | Static | SKILL.md:386 |
Scan History
Embed Code
[](https://skillshield.io/report/f1fb84df355b3058)
Powered by SkillShield