Trust Assessment
brenda-database received a trust score of 31/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 3 medium, and 1 low severity. Key findings include "Python file could not be statically analyzed", "Network egress to untrusted endpoints", and "Covert behavior / concealment directives".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Write via Path Traversal in File Export/Save Functions: Multiple functions allow writing files to arbitrary locations on the filesystem by accepting user-controlled `filename` or `save_path` arguments without proper path sanitization. An attacker could use path traversal sequences (e.g., `../../`) to write files outside the intended directory, potentially overwriting critical system files, exfiltrating data by writing to accessible locations, or achieving remote code execution if combined with other vulnerabilities (e.g., writing to a web server's executable directory). Sanitize the `filename` parameter in `export_kinetic_data` to prevent path traversal. Ensure that the resolved path is strictly within an allowed, designated output directory. A common approach is to resolve the path and then check if it starts with the canonical path of the base output directory. | Static | scripts/brenda_queries.py:340 |
| HIGH | Arbitrary File Write via Path Traversal in File Export/Save Functions: Multiple functions allow writing files to arbitrary locations on the filesystem by accepting user-controlled `filename` or `save_path` arguments without proper path sanitization. An attacker could use path traversal sequences (e.g., `../../`) to write files outside the intended directory, potentially overwriting critical system files, exfiltrating data by writing to accessible locations, or achieving remote code execution if combined with other vulnerabilities (e.g., writing to a web server's executable directory). Sanitize the `save_path` parameter in `plot_kinetic_parameters` and other `plot_` functions to prevent path traversal. Ensure that the resolved path is strictly within an allowed, designated output directory. A common approach is to resolve the path and then check if it starts with the canonical path of the base output directory. | Static | scripts/brenda_visualization.py:99 |
| HIGH | Arbitrary File Write via Path Traversal in File Export/Save Functions: Multiple functions allow writing files to arbitrary locations on the filesystem by accepting user-controlled `filename` or `save_path` arguments without proper path sanitization. An attacker could use path traversal sequences (e.g., `../../`) to write files outside the intended directory, potentially overwriting critical system files, exfiltrating data by writing to accessible locations, or achieving remote code execution if combined with other vulnerabilities (e.g., writing to a web server's executable directory). Sanitize the `filename` parameter in `generate_pathway_report` to prevent path traversal. Ensure that the resolved path is strictly within an allowed, designated output directory. A common approach is to resolve the path and then check if it starts with the canonical path of the base output directory. | Static | scripts/enzyme_pathway_builder.py:640 |
| MEDIUM | Python file could not be statically analyzed: SyntaxError: invalid syntax (line 559) | Static | cli-tool/components/skills/scientific/brenda-database/scripts/brenda_queries.py:559 |
| MEDIUM | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 |
| MEDIUM | Unpinned Dependencies in Installation Instructions: The `uv pip install` commands specify dependencies without pinning them to specific versions. This can lead to supply chain risks where future versions of these packages might introduce breaking changes, vulnerabilities, or unexpected behavior. It also makes builds non-deterministic. Pin all dependencies to specific versions (e.g., `zeep==4.2.1`). Regularly review and update these pinned versions to incorporate security fixes and new features in a controlled manner. Consider using a dependency management tool that enforces pinning. | Static | SKILL.md:403 |
| LOW | Covert behavior / concealment directives: Multiple zero-width characters (stealth text). Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |