Trust Assessment
add-fal-model received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Potential Command Injection via user-controlled video_url, Potential Server-Side Request Forgery (SSRF) via user-controlled video_url.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hexiaochun/add-fal-model/SKILL.md:408 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hexiaochun/add-fal-model/SKILL.md:518 |
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hexiaochun/add-fal-model/SKILL.md:585 |
| HIGH | Potential Command Injection via user-controlled video_url: The `get_price` method, intended for 'per second' billing models, retrieves `video_url` directly from user-controlled `params` and passes it to `app.utils.video_utils.get_video_duration_sync`. If `get_video_duration_sync` internally executes shell commands (e.g., `ffmpeg`) without proper sanitization of the `video_url` or by using `shell=True` with `subprocess` calls, a malicious `video_url` could lead to arbitrary command execution on the host system. Ensure `app.utils.video_utils.get_video_duration_sync` strictly sanitizes the `video_url` before using it in any shell command. If `subprocess` is used, prefer `shell=False` and pass arguments as a list. Additionally, implement input validation for `video_url` to restrict allowed schemes, domains, and prevent special characters that could be used for command injection. | LLM | translate_api/app/api/v3/executors/video/{model}_executor.py |
| HIGH | Potential Server-Side Request Forgery (SSRF) via user-controlled video_url: The `get_price` method, intended for 'per second' billing models, retrieves `video_url` directly from user-controlled `params` and passes it to `app.utils.video_utils.get_video_duration_sync`. If `get_video_duration_sync` fetches content from the provided URL without proper validation, an attacker could supply an internal URL (e.g., `http://localhost`, `file:///etc/passwd`), leading to Server-Side Request Forgery (SSRF). This could allow access to internal network resources, sensitive files, or other services not intended to be exposed. Implement strict URL validation for the `video_url` parameter. This should include whitelisting allowed URL schemes (e.g., `http`, `https`), restricting allowed domains, and preventing access to internal IP ranges, loopback addresses, and file system paths. Ensure the `get_video_duration_sync` function respects these validations before making any network requests. | LLM | translate_api/app/api/v3/executors/video/{model}_executor.py |