Security Audit
mrdulasolutions/exchekskills:exchek-deemed-export
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-deemed-export received a trust score of 53/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 2 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Potential Command Injection via Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via Shell Execution: The skill explicitly instructs the LLM to execute a shell command `node exchek-docx/scripts/report-to-docx.mjs <full-path-to-temp.md>`. The `<full-path-to-temp.md>` argument is constructed using user-provided input (the report folder name from step 1) and the content of the memo, which is also derived from user input. If an attacker can inject shell metacharacters (e.g., `;`, `&&`, `\|`, `$()`) into the path or filename, arbitrary commands could be executed on the host system. Avoid direct shell command execution with user-controlled arguments. If file conversion is necessary, use a dedicated, sandboxed API or a subprocess execution method that passes arguments as an array, preventing shell interpretation. Ensure all user-provided inputs used in file paths are strictly sanitized to remove any shell metacharacters. | Static | SKILL.md:50 |
| MEDIUM | Unpinned npm dependency version: Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-deemed-export/scripts/package.json |
| MEDIUM | Unpinned Dependency in package.json: The `scripts/package.json` file uses a caret (`^`) for the `docx` dependency (`"docx": "^9.6.1"`). This allows for automatic updates to new minor and patch versions. While convenient, it introduces a supply chain risk as a malicious update to a dependency could be automatically pulled in without explicit review, potentially compromising the skill's integrity or the host system. Pin all dependencies to exact versions (e.g., `"docx": "9.6.1"`) to ensure deterministic builds and prevent unexpected or malicious changes from being introduced through automatic updates. Regularly audit and manually update dependencies after verifying their integrity. | Static | scripts/package.json:9 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | exchek-deemed-export/scripts/package.json |