Security Audit
mrdulasolutions/exchekskills:exchek-license
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-license received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Arbitrary Command Execution via User-Controlled File Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary Command Execution via User-Controlled File Path.** The skill instructs the LLM to execute a `node` script (`report-to-docx.mjs`) using a file path (`<full-path-to-temp.md>`) that is partially derived from user input (the chosen folder). If a malicious user provides a folder name containing shell metacharacters (e.g., `'; rm -rf /; echo '`), the LLM could construct and execute a command that breaks out of the intended `node` invocation, leading to arbitrary command execution on the host system. This grants an attacker full control over the environment where the skill is run, enabling data exfiltration, system modification, or denial of service. Remediation: (1) **Sanitize user input:** before constructing the command, strictly sanitize the user-provided folder name to remove or escape any shell metacharacters; only allow alphanumeric characters, spaces, and common path separators. (2) **Use a safe API:** if possible, use a file system API provided by the LLM environment that handles path construction and file operations securely, rather than directly constructing and executing shell commands. (3) **Restrict file system access:** limit the directories where the skill can write files to a dedicated, sandboxed location, rather than broad access to 'Desktop' or 'Documents'. | LLM | SKILL.md:49 |
| HIGH | **Broad Filesystem Write Access to User Directories.** The skill instructs the LLM to ask the user for a folder to save memos, explicitly mentioning sensitive user directories like 'Desktop' and 'Documents'. This grants the skill broad write access to potentially sensitive areas of the user's filesystem. While intended for legitimate document saving, this level of access, especially when combined with the identified command injection vulnerability, significantly increases the risk of data tampering, deletion, or exfiltration if an attacker gains control. Remediation: (1) **Sandbox file operations:** if the environment supports it, restrict file write operations to a dedicated, sandboxed directory for the skill. (2) **Minimize scope:** if direct user folder selection is necessary, provide a limited set of pre-approved, less sensitive directories, or ensure robust sanitization and sandboxing are in place. (3) **Just-in-time permissions:** request specific file write permissions only when absolutely necessary, rather than assuming broad access. | LLM | SKILL.md:45 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-license/scripts/package.json |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | exchek-license/scripts/package.json |
Full report: https://skillshield.io/report/5845d734912e1c6e