Security Audit
dzcmemory-web/bazi-ziwei-skill:root
github.com/dzcmemory-web/bazi-ziwei-skill
Trust Assessment
dzcmemory-web/bazi-ziwei-skill:root received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Command Injection via User-Controlled Filename in Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 18, 2026 (commit 8fd7dfa4). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | calculator/dist/yiqi-core/nayin.js:103 |
| HIGH | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | calculator/dist/yiqi-core/sihua.js:57 |
| HIGH | Command Injection via User-Controlled Filename in Shell Execution: The SKILL.md file instructs the host AI agent to execute a shell command (node dist/render.js) where the '--output' parameter includes '<user-name>', which is directly derived from user input. If a user provides a name containing shell metacharacters (such as ';', '`', or '$()'), it can lead to arbitrary command execution on the host system when the agent runs the command in its terminal. Instruct the agent to sanitize the '<user-name>' variable (e.g., by removing non-alphanumeric characters) before using it in any shell command, or use a fixed, safe filename (such as 'report.html') and avoid passing raw user input directly to shell commands. | LLM | SKILL.md:118 |
| MEDIUM | Unpinned npm dependency version: Dependency 'lunar-typescript' is not pinned to an exact version ('^1.8.6'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | calculator/package.json |