Security Audit
mrdulasolutions/exchekskills:exchek-red-flag-assessment
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-red-flag-assessment received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 2 medium, and 2 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Command Injection via User-Controlled Path in Shell Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Command Injection via User-Controlled Path in Shell Execution | The skill's instructions in `SKILL.md` direct the LLM to execute a shell command: `node exchek-docx/scripts/report-to-docx.mjs <full-path-to-temp.md>`. The `<full-path-to-temp.md>` is constructed using a folder name provided by the user (from 'step 1' of the flow). If the LLM does not properly sanitize or escape shell metacharacters present in the user-provided folder name when forming this command string for execution, a malicious user could inject arbitrary shell commands. For example, a user providing a folder name like `my_reports; rm -rf /; #` could lead to the execution of `rm -rf /` on the host system. The LLM must be strictly instructed to sanitize or escape all user-provided input before incorporating it into shell commands. Ideally, avoid direct shell execution with user-controlled arguments. If shell execution is unavoidable, use a robust method to pass arguments that prevents shell metacharacter interpretation (e.g., by passing arguments as an array to a subprocess function rather than a single string to a shell). | Static | SKILL.md:56 |
| MEDIUM | Unpinned npm dependency version | Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-red-flag-assessment/scripts/package.json |
| MEDIUM | Sensitive Data Exposure via Temporary Files | The skill processes sensitive user data (e.g., party/transaction details, red-flag assessment notes) and writes it to a temporary `.md` file on the filesystem before converting it to a `.docx` file. Although the skill instructs the LLM to delete the temporary file immediately after conversion, there is a window of exposure where this sensitive data resides unencrypted on the filesystem. In environments where temporary files are not sufficiently isolated or are potentially accessible by other processes, this could lead to unauthorized data leakage. Minimize the time sensitive data resides on disk. If possible, perform the document conversion entirely in-memory without writing to a temporary file. If temporary files are strictly necessary, ensure they are written to a highly restricted, ephemeral, and ideally encrypted location, and securely deleted immediately after use. The execution environment should enforce strict isolation for temporary file storage. | Static | SKILL.md:55 |
| LOW | Node lockfile missing | package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | exchek-red-flag-assessment/scripts/package.json |
| LOW | Unpinned Dependency in Build Script | The `scripts/package.json` file, used for the document conversion script, specifies the `docx` dependency with a caret range (`^9.6.1`). This allows minor and patch updates to the dependency. While common, this introduces a potential supply chain risk where a new minor or patch release of `docx` could contain a vulnerability or malicious code that has not been explicitly reviewed, potentially affecting the integrity or security of the document conversion process. Pin dependencies to exact versions (e.g., `"docx": "9.6.1"`) to ensure reproducible builds and prevent unexpected changes from upstream packages. Regularly review and manually update dependencies to incorporate security fixes. | Static | scripts/package.json:9 |
Full report: https://skillshield.io/report/33c81c4458c5aa19
Powered by SkillShield