Security Audit

mrdulasolutions/exchekskills:exchek-audit-lookback

github.com/mrdulasolutions/exchekskills

AI SkillCommit c49adb39ac4c

CAUTION

Scanned 12 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

mrdulasolutions/exchekskills:exchek-audit-lookback received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Command Injection via User-Controlled Path in Shell Execution.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

70%

Dependency Graph

91%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Filesystem Write

2 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Command Injection via User-Controlled Path in Shell Execution The skill instructs the host LLM to execute a shell command (`node exchek-docx/scripts/report-to-docx.mjs <full-path-to-temp.md>`) where `<full-path-to-temp.md>` is constructed using a user-provided folder name. If the user provides a malicious folder name containing shell metacharacters (e.g., `;`, `\|`, `&`, `$()`, `` ` ``), these characters will be interpreted by the shell executing the `node` command, leading to arbitrary command execution on the host system. The LLM is not explicitly instructed to sanitize or quote the user input before incorporating it into the shell command. Instruct the LLM to strictly sanitize or properly quote any user-provided input before incorporating it into shell commands. A more robust solution would be to pass the user-provided folder name as a separate, distinct argument to the `report-to-docx.mjs` script, and have the script itself construct the full, safe file path using `path.join` or `path.resolve` internally, rather than relying on the LLM to construct the full path for shell execution.	Static	SKILL.md:56
MEDIUM	Unpinned npm dependency version Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	exchek-audit-lookback/scripts/package.json
LOW	Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution.	Dependencies	exchek-audit-lookback/scripts/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/f07c46de06670ca4.svg)](https://skillshield.io/report/f07c46de06670ca4)