Trust Assessment
announcer received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 18 findings: 8 critical, 8 high, 1 medium, 1 informational, and 0 low severity. Key findings are arbitrary command execution (Python shell execution via os.system or subprocess), dangerous calls to subprocess.run(), and path traversal via the user-controlled config file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100; all eight critical findings come from that layer. When triaging, note that the critical and high rows are pattern matches on subprocess calls in scripts/announce.py, and that the LLM layer's own informational finding observes that generate_tts passes its arguments as a list, which mitigates shell injection. Whether a given call site is exploitable depends on whether its arguments are built from user-controlled input such as config.json, which is exactly what the medium-severity path traversal finding reports for chime_file.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (18)
| Severity | Finding | Detail and remediation | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:38 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:56 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:78 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:105 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:138 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:166 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:178 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). Review all shell execution calls: ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/announcer/scripts/announce.py:192 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function generate_tts; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:38 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function convert_to_stereo_mp3; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:56 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function setup_airfoil; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:78 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function wait_for_connections; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:138 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function play_audio; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:166 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function disconnect_all; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:178 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function list_speakers; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:192 |
| HIGH | Dangerous call: subprocess.run() | Call to subprocess.run() in function wait_for_connections; this can execute arbitrary code. Avoid dangerous functions such as exec/eval/os.system and use safer alternatives. | Static | skills/odrobnik/announcer/scripts/announce.py:105 |
| MEDIUM | Path Traversal via user-controlled config file | The `chime_file` value is loaded from `config.json`, which is user-controlled, and is used to construct `GONG_PATH` without sanitization against directory traversal. A malicious user could set `chime_file` to a path like `../../../../etc/passwd`, causing `play_audio_file` to attempt to play an arbitrary file outside the intended `assets` directory. `_sanitize_applescript_string` prevents AppleScript injection but does not stop `osascript` from being told to open an arbitrary file path. Impact: denial of service (Airfoil attempting to play a non-audio file) or indirect information disclosure if the path or content is logged or exposed by Airfoil. Remediation: validate the `chime_file` value so it is a simple filename (e.g., `Path(filename).name`) or restrict it to a known safe directory, for example `GONG_PATH = SKILL_DIR / "assets" / Path(_config["audio"].get("chime_file", "gong_stereo.mp3")).name`. | LLM | scripts/announce.py:50 |
| INFO | Supply Chain Risk: Execution of external skill script | The skill executes another skill's script (`elevenlabs/scripts/speech.py`) via `subprocess.run` in `generate_tts`. Arguments are passed as a list, which mitigates shell injection in this script, but the skill's security now depends on `elevenlabs/scripts/speech.py`: any vulnerability there (e.g., command injection in its own argument parsing) is inherited. Remediation: review `elevenlabs/scripts/speech.py`, especially its handling of input arguments; ensure all dependencies are trusted and audited; consider isolating external skill executions where possible. | LLM | scripts/announce.py:56 |
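The following is an added example, not the announcer skill's own code, that carries the two remediations in the table through to working code: the `Path(...).name` fix for `chime_file` from the Medium finding, with the containment and suffix checks a reviewer would add on top, and the static argv-list, absolute-path command construction the Critical rows recommend. The `afplay` player name, the `SKILL_DIR/assets` layout, the `config["audio"]["chime_file"]` shape and the sample configs are assumptions; the skill's real player command and config schema are not shown on this page.

```python
"""Added example (not the announcer skill's own code): confine the
`chime_file` config value to the assets directory and build the player
command as a static argv list with an absolute executable path."""
import json
import shutil
import subprocess
from pathlib import Path

# Assumed layout, mirroring the Medium finding: SKILL_DIR/assets holds the chimes.
SKILL_DIR = Path(__file__).resolve().parent if "__file__" in globals() else Path.cwd()
ASSETS_DIR = SKILL_DIR / "assets"
AUDIO_SUFFIXES = {".mp3", ".wav", ".aiff", ".m4a"}

# Constructed sample configs: the traversal value from the finding, and a benign one.
MALICIOUS_CONFIG = json.loads('{"audio": {"chime_file": "../../../../etc/passwd"}}')
BENIGN_CONFIG = json.loads('{"audio": {"chime_file": "gong_stereo.mp3"}}')


def resolve_chime(config: dict, assets_dir=ASSETS_DIR) -> Path:
    """Return the chime path named by config, confined to assets_dir.

    The scanner's suggested fix, Path(value).name, strips every directory
    component, so "../../../../etc/passwd" becomes "passwd". Three checks are
    added here: names starting with "." or "-" are refused (hidden files, and
    values a player would parse as options), the resolved path must sit
    directly inside assets_dir (a symlink planted in assets would otherwise
    escape it), and the suffix must be an audio type, which also rejects
    "passwd".
    """
    assets_dir = Path(assets_dir).resolve()
    raw = config.get("audio", {}).get("chime_file", "gong_stereo.mp3")
    name = Path(raw).name
    if not name or name in (".", "..") or name.startswith((".", "-")):
        raise ValueError(f"invalid chime_file: {raw!r}")
    candidate = (assets_dir / name).resolve()
    if candidate.parent != assets_dir:
        raise ValueError(f"chime_file escapes assets dir: {raw!r}")
    if candidate.suffix.lower() not in AUDIO_SUFFIXES:
        raise ValueError(f"chime_file is not an audio file: {raw!r}")
    return candidate


def build_play_argv(chime, player: str = "afplay") -> list:
    """Build the player invocation as an argv list, never a shell string.

    `afplay` is an assumed macOS player; the report does not show which
    command the skill really uses. shutil.which pins an absolute path so a
    binary planted earlier on PATH is not picked up, and because the list is
    handed to subprocess.run without shell=True, a name such as
    "a; rm -rf ~.mp3" reaches the player as one argument, not as a command.
    """
    exe = shutil.which(player)
    if exe is None:
        raise FileNotFoundError(f"player not found: {player}")
    return [exe, str(chime)]


def play_chime(config: dict, assets_dir=ASSETS_DIR, player: str = "afplay"):
    """Validate the config value, build the static command, run it without a shell."""
    argv = build_play_argv(resolve_chime(config, assets_dir), player)
    return subprocess.run(argv, check=False, capture_output=True, text=True)


if __name__ == "__main__":
    for cfg in (BENIGN_CONFIG, MALICIOUS_CONFIG):
        try:
            print("argv:", build_play_argv(resolve_chime(cfg)))
        except (ValueError, FileNotFoundError) as exc:
            print("rejected:", exc)
```

The `.name` strip alone would turn `../../../../etc/passwd` into `passwd` and then fail only because no such file exists in `assets`; the suffix and containment checks make the rejection explicit and also cover a symlink dropped into the assets directory.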
[Full report](https://skillshield.io/report/9d43c444c31e538a)
Powered by SkillShield