Trust Assessment
addis-assistant received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 2 critical, 3 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Arbitrary File Read leading to Data Exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dagmawibabi/addis-assistant-stt/scripts/stt.py:37 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/dagmawibabi/addis-assistant-stt/scripts/translate.py:48 |
| HIGH | Dangerous call: subprocess.run(). Call to `subprocess.run()` detected in function `run_stt`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dagmawibabi/addis-assistant-stt/scripts/stt.py:37 |
| HIGH | Dangerous call: subprocess.run(). Call to `subprocess.run()` detected in function `run_translate`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/dagmawibabi/addis-assistant-stt/scripts/translate.py:48 |
| HIGH | Arbitrary File Read leading to Data Exfiltration: The `stt.py` script constructs a `curl` command that uses the user-provided `audio_file_path` directly in the `--form 'audio=@{audio_file_path}'` argument. This allows an attacker to specify any file path on the system (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`, `/proc/self/environ`). The `curl` command will then read the content of the specified file and upload it to the `api.addisassistant.com` endpoint, leading to unauthorized data exfiltration. Implement strict validation and sanitization for `audio_file_path`. Instead of directly using the user-provided path, consider: 1) restricting file access to a specific, sandboxed directory; 2) validating the file type to ensure it is an audio file; 3) if possible, using a library that handles file uploads securely without direct `curl` command construction, or ensuring `curl` is invoked in a way that prevents reading arbitrary files (e.g., by pre-reading the file content in Python and passing it as `--data-binary` if the API supports it, or by using a dedicated HTTP client library like `requests`). | LLM | scripts/stt.py:30 |
| MEDIUM | API Key Exposed via Command-Line Arguments: The `x-api-key` is passed as a command-line argument (`sys.argv[1]`) to `stt.py`. Command-line arguments can be visible to other users on the system via process listings (`ps aux`) and may be stored in shell history files, leading to unauthorized disclosure of the API key. API keys and other sensitive credentials should not be passed as command-line arguments. Instead, they should be loaded from environment variables, a secure configuration file with restricted permissions, or a secrets management service. | LLM | scripts/stt.py:40 |
| MEDIUM | API Key Exposed via Command-Line Arguments: The `x-api-key` is passed as a command-line argument (`sys.argv[1]`) to `translate.py`. Command-line arguments can be visible to other users on the system via process listings (`ps aux`) and may be stored in shell history files, leading to unauthorized disclosure of the API key. API keys and other sensitive credentials should not be passed as command-line arguments. Instead, they should be loaded from environment variables, a secure configuration file with restricted permissions, or a secrets management service. | LLM | scripts/translate.py:40 |
Full report: https://skillshield.io/report/02b2e9e832402457
Powered by SkillShield