Security Audit
lawvable/awesome-legal-skills:skills/vscode-extension-builder-lawvable
github.com/lawvable/awesome-legal-skills
Trust Assessment
lawvable/awesome-legal-skills:skills/vscode-extension-builder-lawvable received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 2 critical, 0 high, 5 medium, and 7 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Arbitrary File Read via AI Bridge.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 36/100, indicating areas for improvement.
Last analyzed on February 26, 2026 (commit 4d82d4cf). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary File Read via AI Bridge.** The `readFile` handler in the AI bridge allows an external AI agent to read arbitrary files on the user's system. The `filePath` parameter, received from the untrusted AI agent via file-based IPC, is used directly to construct a `vscode.Uri.file` without any path validation or sanitization. This enables path traversal attacks (e.g., `../../../etc/passwd`), leading to sensitive data exfiltration. Implement robust path validation for `params.filePath` in the `readFile` handler. Ensure the resolved path is strictly within the workspace root or a designated safe subdirectory. Reject any paths that attempt to traverse outside these allowed boundaries. For example, resolve the path and then verify that `resolvedPath.startsWith(workspaceRoot)`. | Static | assets/file-bridge/src/extension.ts:90 |
| CRITICAL | **Arbitrary File Write via AI Bridge.** The `writeFile` handler in the AI bridge allows an external AI agent to write to arbitrary files on the user's system. Similar to `readFile`, the `filePath` parameter from the untrusted AI agent is used directly without path validation. This enables path traversal attacks, allowing an attacker to overwrite critical system files, inject malicious code into user projects, or create new files in sensitive locations, leading to potential system compromise or persistent code injection. Implement robust path validation for `params.filePath` in the `writeFile` handler. Ensure the resolved path is strictly within the workspace root or a designated safe subdirectory. Reject any paths that attempt to traverse outside these allowed boundaries. For example, resolve the path and then verify that `resolvedPath.startsWith(workspaceRoot)`. | Static | assets/file-bridge/src/extension.ts:97 |
| MEDIUM | **Unpinned npm dependency version.** Dependency '@types/node' is not pinned to an exact version ('^20.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/vscode-extension-builder-lawvable/assets/basic-command/package.json |
| MEDIUM | **Unpinned npm dependency version.** Dependency '@types/node' is not pinned to an exact version ('^20.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/vscode-extension-builder-lawvable/assets/custom-editor/package.json |
| MEDIUM | **Unpinned npm dependency version.** Dependency '@types/node' is not pinned to an exact version ('^20.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/vscode-extension-builder-lawvable/assets/file-bridge/package.json |
| MEDIUM | **Unpinned npm dependency version.** Dependency '@types/node' is not pinned to an exact version ('^20.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/vscode-extension-builder-lawvable/assets/tree-view/package.json |
| MEDIUM | **Unpinned npm dependency version.** Dependency '@types/node' is not pinned to an exact version ('^20.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/vscode-extension-builder-lawvable/assets/webview-react/package.json |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/vscode-extension-builder-lawvable/assets/basic-command/package.json |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/vscode-extension-builder-lawvable/assets/custom-editor/package.json |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/vscode-extension-builder-lawvable/assets/file-bridge/package.json |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/vscode-extension-builder-lawvable/assets/tree-view/package.json |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/vscode-extension-builder-lawvable/assets/webview-react/package.json |
| LOW | **Arbitrary Message Display via AI Bridge.** The `showMessage` handler in the AI bridge allows an external AI agent to display arbitrary messages to the user via `vscode.window.showInformationMessage`, `showWarningMessage`, or `showErrorMessage`. While not directly leading to code execution, this could be used for social engineering attacks, phishing, or to mislead the user. Consider if displaying arbitrary messages from an AI agent is necessary. If so, ensure users are aware of the source of these messages and that they should not trust them implicitly. Adding a prefix to the message (e.g., '[AI Agent] ') could help distinguish them. | Static | assets/file-bridge/src/extension.ts:79 |
| LOW | **Arbitrary Message Display from Webview.** The `alert` message handler in the webview extension allows the webview to trigger `vscode.window.showInformationMessage` with arbitrary text. While webviews are sandboxed, a compromised webview (e.g., via XSS if its own code is vulnerable, which is not provided here) could use this to display misleading messages to the user, potentially for social engineering. Ensure the webview's own code is secure against XSS. If the webview is intended to display user-generated content, sanitize it thoroughly before rendering. For messages sent to the extension host, consider if arbitrary text is truly necessary or if a more constrained set of messages would suffice. | Static | assets/webview-react/src/extension.ts:79 |