Security Audit
gracefullight/stock-checker:.opencode/skills/typescript-expert
github.com/gracefullight/stock-checkerTrust Assessment
gracefullight/stock-checker:.opencode/skills/typescript-expert received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Reads entire project source code.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit 4a711df6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | .opencode/skills/typescript-expert/scripts/ts_diagnostic.py:16 | |
| CRITICAL | Reads entire project source code The `scripts/ts_diagnostic.py` script uses `grep -r` to scan all `.ts` and `.tsx` files within the `src/` directory. This allows the skill to read and potentially exfiltrate the entire source code of the user's project, which can contain sensitive business logic, proprietary algorithms, or other confidential information. Avoid reading entire project source code. If specific file content is needed, prompt the user for explicit permission for each file or use more granular, sandboxed file access mechanisms. | Static | scripts/ts_diagnostic.py:109 | |
| CRITICAL | Suggests execution of destructive commands The `SKILL.md` explicitly suggests the use of `rm -rf node_modules/.cache .tsbuildinfo` to clear caches. While intended for maintenance, the `rm -rf` command is highly destructive and, if misused or if the path is manipulated, could lead to irreversible data loss on the user's system. Granting an AI agent the capability to execute such commands is an excessive permission. Remove direct suggestions for destructive commands like `rm -rf`. If cache clearing is necessary, provide a safer, sandboxed alternative or instruct the user to perform it manually. | Static | SKILL.md:176 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_cmd'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | .opencode/skills/typescript-expert/scripts/ts_diagnostic.py:16 | |
| HIGH | Uses `subprocess.run` with `shell=True` The `run_cmd` function in `scripts/ts_diagnostic.py` uses `subprocess.run(cmd, shell=True)`. Using `shell=True` is a known security risk as it allows the shell to interpret the command string. If any part of the `cmd` string were to be constructed from untrusted user input, it would be vulnerable to command injection, allowing arbitrary code execution. Even with static commands, it increases the attack surface. Avoid `shell=True`. Instead, pass commands as a list of arguments (e.g., `subprocess.run(["npx", "tsc", "--version"])`) to prevent shell interpretation. If shell features are strictly necessary, carefully sanitize all inputs and consider using a dedicated shell parsing library. | Static | scripts/ts_diagnostic.py:11 | |
| MEDIUM | Reads project configuration files The `SKILL.md` and `scripts/ts_diagnostic.py` both read `package.json` and `tsconfig.json` files. While these files are often not highly sensitive, they can contain internal project structure, dependency details, build configurations, and potentially paths or URLs that could be considered confidential in some contexts. Reading these files without explicit user consent or a clear privacy policy constitutes a data exfiltration risk. Limit file access to only strictly necessary files. For configuration files, consider if the required information can be obtained through less intrusive means or if explicit user permission should be requested. | Static | scripts/ts_diagnostic.py:35 |
Scan History
Embed Code
[](https://skillshield.io/report/34fd0b986384ced4)
Powered by SkillShield