Security Audit
mrdulasolutions/exchekskills:exchek-csl
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-csl received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include "Unpinned npm dependency version", "Node lockfile missing", and "Command Injection via unsanitized filename in shell command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via unsanitized filename in shell command: The skill instructs the LLM to rename a generated `.docx` file using a name derived from a 'short sanitized version of the search query'. If the LLM fails to properly sanitize the user-provided search query before incorporating it into the filename for a shell command (e.g., `mv`), an attacker could inject arbitrary shell commands. For example, a search query like `foo; rm -rf /` could lead to the execution of `rm -rf /` if the filename is constructed as `ExChek-CSL-Report-YYYY-MM-DD-foo; rm -rf /.docx` and then used in a shell `mv` command. Provide explicit and unambiguous instructions for how the LLM should sanitize user input for filenames (e.g., allow only alphanumeric characters, hyphens, and underscores; escape or remove all other characters). Alternatively, instruct the LLM to use a unique, non-user-controlled identifier (like a UUID or hash) for the filename, storing the user-friendly name as metadata, to prevent user input from directly influencing the file path used in shell commands. | LLM | SKILL.md:78 |
| MEDIUM | Unpinned npm dependency version: Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-csl/scripts/package.json |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | exchek-csl/scripts/package.json |