Security Audit
mrdulasolutions/exchekskills:exchek-risk-triage
github.com/mrdulasolutions/exchekskills
Trust Assessment
mrdulasolutions/exchekskills:exchek-risk-triage received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 1 medium, and 2 low severity. Key findings include "Unpinned npm dependency version", "Node lockfile missing", and "Command Injection via unsanitized user-provided directory name".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on March 18, 2026 (commit c49adb39). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized user-provided directory name: The skill instructs the LLM to execute a shell command `node exchek-docx/scripts/report-to-docx.mjs <full-path-to-temp.md>` where `<full-path-to-temp.md>` is constructed using a user-provided directory name. If the user provides a malicious directory name containing shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`), these characters could break out of the argument and execute arbitrary commands on the host system. The skill does not provide explicit instructions for the LLM to sanitize the user-provided directory name before constructing the command. Instruct the LLM to sanitize the user-provided directory name before constructing the command string. This could involve escaping shell metacharacters or strictly validating the input to ensure it only contains safe characters for a directory name. For example, explicitly tell the LLM to ensure the path is properly quoted or to replace/remove any characters that could be interpreted as shell commands. | LLM | SKILL.md:61 |
| MEDIUM | Unpinned npm dependency version: Dependency 'docx' is not pinned to an exact version ('^9.6.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | exchek-risk-triage/scripts/package.json |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | exchek-risk-triage/scripts/package.json |
| LOW | Unpinned dependency in package.json: The `docx` dependency in `scripts/package.json` uses a caret (`^`) version specifier (`^9.6.1`), which allows for minor and patch updates. While common, this practice can introduce unexpected changes or vulnerabilities if a new version of the dependency contains malicious code or breaking changes. Pinning to an exact version (e.g., `9.6.1`) provides greater supply chain security by ensuring deterministic dependency resolution. Pin the `docx` dependency to an exact version (e.g., `"docx": "9.6.1"`) to ensure deterministic builds and prevent unexpected updates. Regularly audit and manually update dependencies to incorporate security fixes. | LLM | scripts/package.json:10 |