Trust Assessment
elegant-reports received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 3 high, 3 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Unpinned npm dependency version.
The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, llm_behavioral_safety. The manifest_analysis layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-7t4dkxw1/repo/skills/elegant-reports/generate.js:17 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-7t4dkxw1/repo/skills/elegant-reports/generate.js:266 | |
| CRITICAL | Command Injection via unsanitized user-controlled file paths in `execSync` The `generate.js` script uses `child_process.execSync` to execute shell commands for file operations. User-controlled `inputPath` and `outputPath` are directly interpolated into these shell commands without proper sanitization or escaping. An attacker could provide a malicious file path (e.g., `foo.md; rm -rf /`) to execute arbitrary commands on the host system. Avoid using `execSync` with user-controlled input. Prefer Node.js built-in `fs` module functions (e.g., `fs.copyFileSync`) for file operations. If shell execution is unavoidable, ensure all user-provided arguments are rigorously sanitized and properly escaped for the shell (e.g., using a library like `shell-quote` or `shlex.quote` for Python equivalents) before being passed to `execSync`. | Unknown | generate.js:300 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-7t4dkxw1/repo/skills/elegant-reports/generate.js:31 | |
| HIGH | Cross-Site Scripting (XSS) / HTML Injection in generated reports The `renderHtml` function directly interpolates user-provided data (from frontmatter fields like `title`, `subtitle`, `author`, `date`, and the main markdown `content`) into the HTML template without sufficient HTML entity escaping. While `markdownToHtml` escapes content within code blocks, it does not escape general markdown output (e.g., headers, paragraphs, links). This allows an attacker to inject arbitrary HTML or JavaScript into the input markdown or frontmatter, leading to Cross-Site Scripting (XSS) in the generated report. If the generated HTML is viewed in a browser or processed by a vulnerable renderer, this could lead to client-side attacks. Implement robust HTML entity escaping for all user-provided data before it is inserted into the HTML template. For markdown content, use a well-vetted markdown-to-HTML library that includes XSS sanitization capabilities, or ensure the custom `markdownToHtml` function escapes all HTML entities in its output, not just code blocks. | Unknown | generate.js:203 | |
| HIGH | Data Exfiltration vector via external API amplified by other vulnerabilities The skill's core functionality involves sending generated HTML content and an API key to an external service (`https://api.nutrient.io/build`) via `uploadToNutrientDWS`. While this is intended behavior, the presence of Command Injection and XSS vulnerabilities creates a critical data exfiltration vector. An attacker could exploit these vulnerabilities to read arbitrary local files (via command injection) or inject sensitive data into the HTML (via XSS), which would then be transmitted to the external API along with the skill's API key. Prioritize fixing the Command Injection and XSS vulnerabilities to prevent malicious content from being embedded in the HTML. Additionally, ensure that the API key is handled securely and that the external API endpoint is trusted and uses secure communication (HTTPS). Implement strict input validation and sanitization for all user-provided data before it is processed or sent to external services. | Unknown | generate.js:230 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-7t4dkxw1/repo/skills/elegant-reports/generate.js:7 | |
| MEDIUM | Unpinned npm dependency version Dependency 'axios' is not pinned to an exact version ('^1.6.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-7t4dkxw1/repo/skills/elegant-reports/package.json | |
| MEDIUM | Excessive Permissions: Access to external configuration file in user's home directory The `loadApiKey` function attempts to read an API key from a hardcoded path: `~/.clawd-nuri-internal/config/mcporter.json`. This grants the skill access to a specific configuration file outside its own directory, which could potentially contain sensitive credentials or configurations for other services. While the skill uses this for its own functionality, it represents an overly broad filesystem scope and a potential credential harvesting vector if the skill were compromised or if the file contained unintended sensitive data. Store API keys and sensitive configurations in a dedicated, restricted location specific to the skill, or rely solely on environment variables. Avoid hardcoding paths to external configuration files in the user's home directory, especially those that might contain credentials for other applications. | Unknown | generate.js:50 |
Scan History
Embed Code
[](https://skillshield.io/report/9e44172619db8389)
Powered by SkillShield