Security Audit
dkyazzentwatwa/chatgpt-skills:outlier-detective
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:outlier-detective received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 0 critical, 2 high, 6 medium and 0 low severity. The two high-severity findings are an arbitrary file read and an arbitrary file write, both through user-controlled paths; five of the medium findings are the same issue repeated once per line of requirements.txt (lower-bounded `>=` version ranges instead of exact pins), and the sixth is unchecked model parameters passed straight to scikit-learn constructors.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100; both high-severity findings come from that layer.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via User-Controlled Path.** The `load_csv` method passes a user-provided `filepath` argument straight to `pandas.read_csv`. An attacker can point it at sensitive files (e.g. `/etc/passwd`, `~/.ssh/id_rsa`; note that pandas expands `~`), and because the skill then processes that data, parts of it (outlier rows, analysis reports) can be exfiltrated through the skill's output. Fix: canonicalize `filepath` and require that the result stays inside an allowed, non-sensitive directory; prefer a file picker or virtualized file access over raw path input. | Static | scripts/outlier_detective.py:39 |
| HIGH | **Arbitrary File Write via User-Controlled Path.** The `plot_boxplot`, `plot_scatter` and `plot_distribution` methods, and the `to_csv` calls behind `get_outliers` and `get_clean_data` (as shown in `SKILL.md` and CLI usage), write to whatever `output` path the user supplies; the CLI passes `--output` through unchanged. With sufficient privileges this overwrites system files (e.g. `/etc/passwd`, `/etc/sudoers`); as an ordinary user it still reaches configuration such as `~/.bashrc`, and since the input CSV is also attacker-controlled (previous finding), the written content is attacker-influenced. Outcomes range from denial of service and data corruption to privilege escalation. Fix: canonicalize `output` paths and restrict them to a dedicated output directory; never write to arbitrary locations. | Static | scripts/outlier_detective.py:230 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `pandas>=2.0.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | outlier-detective/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `numpy>=1.24.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | outlier-detective/scripts/requirements.txt:2 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `scipy>=1.10.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | outlier-detective/scripts/requirements.txt:3 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `scikit-learn>=1.3.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | outlier-detective/scripts/requirements.txt:4 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `matplotlib>=3.7.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | outlier-detective/scripts/requirements.txt:5 |
| MEDIUM | **Denial of Service via Excessive ML Model Parameters.** The `detect_multivariate` method forwards user-controlled `**kwargs` directly to the `IsolationForest` and `LocalOutlierFactor` constructors from scikit-learn. The libraries themselves are robust, but oversized or invalid numeric parameters (e.g. `n_estimators` for IsolationForest, `n_neighbors` for LOF) drive memory use, CPU time and run time, which can deny service to the agent or its host. Fix: allow-list the parameters the skill exposes and check each numeric value against a safe range before constructing the model. | Static | scripts/outlier_detective.py:160 |
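The three Static findings share one remediation pattern: canonicalize and confine every user-supplied path, and allow-list every user-supplied model parameter. The block below is an added example of that pattern, not code from the outlier-detective skill. The sandbox directories (`DATA_DIR`, `OUTPUT_DIR`), the 50 MiB size cap, the permitted output suffixes and the parameter bounds in `MODEL_PARAM_BOUNDS` are illustrative assumptions to be tuned per deployment; `confine_path` uses `Path.resolve()` so that `..` segments and symlinks are evaluated before the containment check, and `open_output` additionally closes the check-then-write race with `O_EXCL|O_NOFOLLOW`.

```python
"""Hardening for the three Static findings above. Added example, not the skill's
own code; sandbox directories, size cap, suffixes and parameter bounds are
illustrative assumptions."""
import math
import os
from pathlib import Path

DATA_DIR = Path(os.environ.get("SKILL_DATA_DIR", "sandbox/data"))        # assumed
OUTPUT_DIR = Path(os.environ.get("SKILL_OUTPUT_DIR", "sandbox/output"))  # assumed
MAX_CSV_BYTES = 50 * 1024 * 1024    # refuse inputs above 50 MiB
OUTPUT_SUFFIXES = {".csv", ".png"}  # the only file types the skill emits


class PathPolicyError(ValueError):
    """A user-supplied path violates the sandbox policy."""


def confine_path(user_path: str, allowed_dir: Path) -> Path:
    """Canonicalize user_path under allowed_dir and reject anything that escapes.

    resolve() collapses '..' and follows symlinks in every existing component,
    so '../../etc/passwd' and an in-sandbox symlink pointing outside both yield
    a real path that fails the containment check. Absolute and '~' paths are
    refused up front.
    """
    candidate = Path(user_path)
    if user_path.startswith("~") or candidate.is_absolute():
        raise PathPolicyError(f"absolute or home-relative path refused: {user_path!r}")
    base = allowed_dir.resolve()
    resolved = (base / candidate).resolve()
    if not resolved.is_relative_to(base):  # Python 3.9+
        raise PathPolicyError(f"path escapes {base}: {user_path!r}")
    return resolved


def input_csv_path(user_path: str) -> Path:
    """Path to hand to pandas.read_csv: confined, a regular file, size-capped."""
    path = confine_path(user_path, DATA_DIR)
    if not path.is_file():
        raise PathPolicyError(f"not a regular file in {DATA_DIR}: {user_path!r}")
    if path.stat().st_size > MAX_CSV_BYTES:
        raise PathPolicyError(f"input larger than {MAX_CSV_BYTES} bytes: {user_path!r}")
    return path


def output_path(user_path: str) -> Path:
    """Path for to_csv/savefig: confined, allowed suffix, directly in OUTPUT_DIR."""
    path = confine_path(user_path, OUTPUT_DIR)
    if path.suffix.lower() not in OUTPUT_SUFFIXES:
        raise PathPolicyError(f"output type not allowed: {path.suffix!r}")
    if path.parent != OUTPUT_DIR.resolve():  # no user-chosen subdirectories
        raise PathPolicyError(f"outputs must go directly into {OUTPUT_DIR}")
    return path


def open_output(user_path: str):
    """Create the validated output file without following a symlink or
    overwriting anything: O_EXCL|O_NOFOLLOW closes the check-then-write race.
    DataFrame.to_csv and pyplot.savefig both accept the returned file object."""
    path = output_path(user_path)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    if path.suffix.lower() == ".csv":
        return os.fdopen(fd, "w", newline="")
    return os.fdopen(fd, "wb")  # PNG and other binary formats


# Allow-listed constructor parameters per model: (type, min, max). Illustrative
# bounds; pick them against the memory and CPU budget of the agent host.
MODEL_PARAM_BOUNDS = {
    "isolation_forest": {"n_estimators": (int, 10, 500),
                         "contamination": (float, 0.001, 0.5)},
    "lof": {"n_neighbors": (int, 2, 200),
            "contamination": (float, 0.001, 0.5)},
}


def validate_model_kwargs(model: str, kwargs: dict) -> dict:
    """Return only allow-listed, well-typed, in-range kwargs; raise on anything
    else so it never reaches the IsolationForest/LocalOutlierFactor constructor."""
    if model not in MODEL_PARAM_BOUNDS:
        raise ValueError(f"unknown model {model!r}")
    clean = {}
    for name, value in kwargs.items():
        if name not in MODEL_PARAM_BOUNDS[model]:
            raise ValueError(f"parameter {name!r} is not allowed for {model}")
        expected, lo, hi = MODEL_PARAM_BOUNDS[model][name]
        accepted = (int, float) if expected is float else expected
        # bool subclasses int: reject it so True/False are never taken as counts.
        if isinstance(value, bool) or not isinstance(value, accepted):
            raise TypeError(f"{name} must be {expected.__name__}")
        if not math.isfinite(value) or not lo <= value <= hi:
            raise ValueError(f"{name}={value!r} outside [{lo}, {hi}]")
        clean[name] = value
    return clean


def policy_result(fn, *args) -> str:
    """Run a policy function and report 'accepted: ...' or 'rejected: <reason>'."""
    try:
        return f"accepted: {fn(*args)}"
    except (PathPolicyError, ValueError, TypeError) as exc:
        return f"rejected: {exc}"
```

Wiring it in means `load_csv` calls `pandas.read_csv(input_csv_path(filepath))`, the plot and export methods write through `open_output(output)`, and `detect_multivariate` builds its model with `**validate_model_kwargs("isolation_forest", kwargs)` (or `"lof"`). `policy_result(confine_path, "../../etc/passwd", DATA_DIR)` and `policy_result(validate_model_kwargs, "lof", {"n_jobs": -1})` both come back as rejections, which is the behaviour the two path findings and the parameter finding ask for.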
Full report: https://skillshield.io/report/20c5e370b0fb026e