Trust Assessment
writing-skills received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Path Traversal Vulnerability in render-graphs.js, LLM analysis found no issues despite critical deterministic findings.
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. The manifest_analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit a98c5dfc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-83qr2w14/repo/skills/writing-skills/render-graphs.js:18 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-83qr2w14/repo/skills/writing-skills/render-graphs.js:72 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Unknown | /tmp/skillscan-clone-83qr2w14/repo/skills/writing-skills/render-graphs.js:112 | |
| HIGH | Path Traversal Vulnerability in render-graphs.js The `render-graphs.js` script constructs file paths using user-provided input (`skillDirArg` from `process.argv`) without sufficient validation or sanitization. The `path.resolve()` function normalizes the path but does not restrict it to a specific base directory. An attacker could provide a `skillDirArg` containing path traversal sequences (e.g., `../../malicious_dir`) to read or write files outside the intended skill directory. This could lead to unauthorized file access, modification, or denial of service. Implement robust input validation for `skillDirArg`. After resolving the path with `path.resolve()`, verify that the resulting `skillDir` is a subdirectory of an expected, trusted base directory (e.g., the current working directory or a designated skills root). If the resolved path attempts to escape this base directory, reject the input. For example, compare `skillDir` with `path.resolve(baseDir)` to ensure `skillDir.startsWith(path.resolve(baseDir))`. | Unknown | render-graphs.js:100 | |
| HIGH | LLM analysis found no issues despite critical deterministic findings Deterministic layers flagged 3 CRITICAL findings, but LLM semantic analysis returned clean. This may indicate prompt injection or analysis evasion. | Unknown | (sanity check) |
Scan History
Embed Code
[](https://skillshield.io/report/38d20688a393f16e)
Powered by SkillShield