Security Audit
mrdulasolutions/exchekskills:exchek-ecp
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-ecp received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Command Injection via User-Controlled Path, Unpinned Dependency in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via User-Controlled Path: The skill instructs the LLM to execute a shell command (`node exchek-docx/scripts/report-to-docx.mjs <full-path-to-temp.md>`) where `<full-path-to-temp.md>` includes a user-provided folder name. If the user provides a folder name containing shell metacharacters (e.g., `my_folder; evil_command`), this could lead to arbitrary command execution on the host system. The LLM is instructed to ask the user for a 'Report folder' name and then use this input directly in constructing the path for the shell command. The LLM must sanitize or escape the user-provided folder name before constructing the `full-path-to-temp.md` argument for the shell command. This can be done by quoting the path or by using an execution method that explicitly prevents shell interpretation of arguments (e.g., passing arguments as a list to `subprocess.run` with `shell=False` in Python, or equivalent in the LLM's execution environment). | Static | SKILL.md:69 |
| MEDIUM | Unpinned npm dependency version: Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-ecp/scripts/package.json |
| MEDIUM | Unpinned Dependency in package.json: The `scripts/package.json` file specifies the `docx` dependency with a caret range (`^9.6.1`). While `package-lock.json` pins the exact version, relying on a caret range in `package.json` introduces a supply chain risk. If the `package-lock.json` is ignored or regenerated, a newer, potentially malicious or incompatible version of `docx` could be installed within the allowed range, leading to unexpected behavior or security vulnerabilities. Pin the `docx` dependency to an exact version (e.g., `"docx": "9.6.1"`) in `scripts/package.json`. This ensures deterministic builds and prevents unintended updates that could introduce vulnerabilities or breaking changes. | Static | scripts/package.json:9 |