Security Audit
mrdulasolutions/exchekskills:exchek-country-risk
github.com/mrdulasolutions/exchekskills

Trust Assessment
mrdulasolutions/exchekskills:exchek-country-risk received a trust score of 42/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 1 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Command Injection via User-Controlled File Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Command Injection via User-Controlled File Path | SKILL.md instructs the LLM to run a shell command (`node`) on a file path (`<full-path-to-saved-one-pager.md>`) derived from user input: the country name and, potentially, a user-specified folder. When that command line is assembled as a single string and handed to a shell, metacharacters in the country or folder name (`;`, `&`, `\|`, `$()`) are interpreted and arbitrary commands run on the host. Inside `report-to-docx.mjs` the path arrives as `process.argv[2]` and is used as the file path without apparent validation, so the script itself does not constrain which file is processed. Recommendation: validate and sanitize every user-influenced value that reaches a command or a file path; avoid handing user-influenced strings to a shell at all, and where a subprocess is unavoidable pass the path as a separate argument (an argv array, no shell) rather than interpolating it into a command string, so metacharacters are never interpreted; confine accepted paths to a known directory; consider a document-conversion API that does not involve shell execution with user-controlled arguments. | Static | SKILL.md:74 |
| HIGH | Excessive Permissions: Shell Execution and File System Write Access | The skill requires the LLM to execute shell commands directly (`node`, `npm`) and to write files to user-specified locations, which grants the LLM environment broad permissions. Necessary as they are for the skill's functionality, these permissions, combined with the command injection finding above, widen the attack surface and the impact of a successful exploit; writing to arbitrary user-specified folders is a further risk if left unconstrained. Recommendation: minimize the permissions granted to the LLM; if shell execution is unavoidable, run it in a tightly sandboxed environment with minimal privileges; restrict file writes to specific, isolated directories; enforce a strict allow-list of commands and arguments; for file paths, allow only pre-defined or strictly validated subdirectories rather than arbitrary directories chosen by the LLM. | Static | SKILL.md:74 |
| MEDIUM | Unpinned npm dependency version | Dependency `docx` is declared as `^9.6.1` rather than an exact version. Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-country-risk/scripts/package.json |
| LOW | Node lockfile missing | `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`), so each install resolves the newest version permitted by every range at install time. Commit a lockfile for deterministic dependency resolution. | Dependencies | exchek-country-risk/scripts/package.json |
| LOW | Unpinned Dependency Version in package.json | `scripts/package.json` uses a caret specifier for the `docx` dependency (`^9.6.1`), which permits any `9.x.y` release at or above `9.6.1` to be installed automatically (the same dependency the Dependencies layer flags above). While common, this is a minor supply-chain risk: a malicious release anywhere in the `9.x.x` range would be installed and executed without review. For security-sensitive use, pin the dependency to an exact version (e.g. `"docx": "9.6.1"`) for deterministic builds, and audit and update dependencies manually to pick up security fixes. | Static | scripts/package.json:10 |
Full report: https://skillshield.io/report/19c6599683387c31