Security Audit
dkyazzentwatwa/chatgpt-skills:batch-qr-generator
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:batch-qr-generator received a trust score of 34/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 3 high, 3 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned Python dependency version, Path Traversal Vulnerability in File Operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | batch-qr-generator/scripts/batch_qr_generator.py:2 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | batch-qr-generator/scripts/batch_qr_generator.py:124 | |
| HIGH | Path Traversal Vulnerability in File Operations The skill directly uses user-provided file paths for CSV input, logo image input, and output directory without proper sanitization. Additionally, filenames derived from the input CSV are not sanitized. This allows an attacker to perform path traversal attacks, potentially leading to:
1. **Arbitrary File Read:** Reading sensitive files (e.g., `/etc/passwd`) by manipulating the `--csv` or `--logo` arguments with paths like `../../../../etc/passwd`.
2. **Arbitrary File Write:** Writing QR code images or metadata CSVs to arbitrary locations on the filesystem by manipulating the `--output-dir` argument or by including path traversal sequences (e.g., `../../../../tmp/malicious_file`) in the 'filename' column of the input CSV. Implement robust path sanitization for all user-controlled file paths. For `filepath`, `output_dir`, and `logo_path`, use `os.path.abspath` and then verify that the resolved path remains within an allowed base directory (e.g., a designated sandbox or temporary directory). For the 'filename' column from the CSV, ensure it does not contain any path separators (`/`, `\`) or path traversal sequences (`..`). A common approach is to use `os.path.basename()` on the filename to strip any directory components before joining it with the output directory. | Static | scripts/batch_qr_generator.py:20 | |
| MEDIUM | Unpinned Python dependency version Requirement 'qrcode[pil]>=7.4.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | batch-qr-generator/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | batch-qr-generator/scripts/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pandas>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | batch-qr-generator/scripts/requirements.txt:3 |
Scan History
Embed Code
[](https://skillshield.io/report/75fdc41b20a369b7)
Powered by SkillShield