Trust Assessment
repo received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 7 critical, 7 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Missing required field: name, Dangerous call: subprocess.run().
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The manifest_analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 10, 2026 (commit 7c94765c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings15
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/gateway/main.py:24 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/gateway/main.py:181 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/gateway/main.py:206 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/tts-server/server.py:191 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/tts-server/server.py:240 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/tts-server/server.py:243 | |
| CRITICAL | Arbitrary File Read via FFmpeg Concat Injection The `concatenate_audio_ffmpeg` function constructs an FFmpeg concat list file using filenames derived from the unvalidated `response_format` field. An attacker can inject newlines and `file` directives (e.g., `wav\nfile '/etc/passwd'`) into the `response_format` to force FFmpeg to read and include arbitrary local files in the output audio. Validate `response_format` against a strict whitelist of allowed extensions (e.g., mp3, wav, ogg). Ensure filenames written to the concat list are properly escaped. | Unknown | gateway/main.py:127 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function '_check_ffmpeg'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/gateway/main.py:24 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'concatenate_audio_ffmpeg'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/gateway/main.py:181 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'concatenate_audio_ffmpeg'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/gateway/main.py:206 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'audio_to_bytes'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/tts-server/server.py:191 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'health'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/tts-server/server.py:240 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'health'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/tts-server/server.py:243 | |
| HIGH | Arbitrary File Write via Path Traversal The `concatenate_audio_ffmpeg` function uses the unvalidated `response_format` field to construct the output filename via `os.path.join`. An attacker can supply a format containing path traversal characters (e.g., `../`) to write the generated audio file to arbitrary locations on the filesystem. Validate `response_format` against a whitelist. Sanitize the format string to remove path traversal characters before using it in file paths. | Unknown | gateway/main.py:131 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Unknown | /tmp/skillscan-clone-l_t21u84/repo/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/e281044939bf79eb)
Powered by SkillShield