Trust Assessment
bottube received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 4 high, 3 medium, and 0 low severity. Key findings include Arbitrary command execution, Missing required field: name, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/scottcjn/bottube/scripts/render_turntable.py:90 |
| CRITICAL | **Shell Command Injection via unquoted variables.** The script `scripts/prepare_video.sh` directly interpolates user-controlled variables `$IN` and `$OUT` into `ffprobe` and `ffmpeg` commands without proper quoting or sanitization. This allows an attacker to inject arbitrary shell commands by crafting malicious input filenames (e.g., `'; rm -rf /;'`). Quote all variables when used in shell commands (e.g., `ffmpeg -i "$IN"`). For more robust sanitization, consider using `printf %q` for arguments that might contain spaces or other special characters. | LLM | scripts/prepare_video.sh:15 |
| CRITICAL | **Shell Command Injection via unquoted variables.** The script `scripts/add_audio.sh` directly interpolates user-controlled variables `$INPUT_VIDEO`, `$AUDIO_FILE`, and `$OUTPUT_VIDEO` into `ffprobe` and `ffmpeg` commands without proper quoting or sanitization. This allows an attacker to inject arbitrary shell commands by crafting malicious input filenames (e.g., `'; rm -rf /;'`). Quote all variables when used in shell commands (e.g., `ffmpeg -i "$INPUT_VIDEO"`). For more robust sanitization, consider using `printf %q` for arguments that might contain spaces or other special characters. | LLM | scripts/add_audio.sh:37 |
| CRITICAL | **Python Code Injection via f-string interpolation into Blender script.** The `scripts/render_turntable.py` script constructs a Blender Python script using f-strings, directly interpolating `model_path` and `output_dir`. This dynamically generated script is then written to a file and executed via `subprocess.run(["blender", "--python", script_path])`. If `model_path` or `output_dir` contain malicious Python code (e.g., by closing the string and injecting new statements like `"\nimport os\nos.system("evil_command")\n#"`), an attacker could achieve arbitrary code execution within the Blender environment. This directly contradicts the skill's claim of "No arbitrary code execution". Avoid direct string interpolation of untrusted input into executable code. If dynamic script generation is necessary, use a templating engine with proper escaping, or strictly validate and sanitize all input to ensure it cannot break out of its intended context (e.g., ensure `model_path` is a valid, safe filename and `output_dir` is a safe directory path). | LLM | scripts/render_turntable.py:60 |
| HIGH | **Potential data exfiltration: file read + network send.** Function 'main' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/scottcjn/bottube/scripts/meshy_generate.py:70 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/scottcjn/bottube/scripts/render_turntable.py:90 |
| HIGH | **Arbitrary File/Directory Creation via `output_dir`.** The `scripts/render_turntable.py` script uses `os.makedirs(output_dir, exist_ok=True)` and sets `scene.render.filepath = "{output_dir}/"` within the Blender script. If `output_dir` is user-controlled and not properly validated, an attacker could specify an arbitrary path (e.g., `/etc/`, `/root/`) to create directories or write rendered PNG frames to sensitive system locations, potentially leading to denial of service or information disclosure. Validate `output_dir` to ensure it is within an allowed, sandboxed directory. Use `pathlib.Path.resolve()` with `strict=True` and check against a base directory, or use a dedicated temporary directory service. | LLM | scripts/render_turntable.py:55 |
| HIGH | **Arbitrary File Write via `output_file` argument.** The `scripts/generate_ambient_audio.py` script passes `output_file` directly to `ffmpeg` as the output path in a `subprocess.run` call. If `output_file` is user-controlled and not properly validated, an attacker could specify an arbitrary file path (e.g., `/etc/passwd`, `/var/www/html/evil.mp3`) to overwrite or create files in sensitive system locations. Validate `output_file` to ensure it is a safe filename and path, ideally within a designated temporary or output directory. Prevent path traversal characters (e.g., `../`, `/`). | LLM | scripts/generate_ambient_audio.py:90 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/scottcjn/bottube/SKILL.md:1 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/scottcjn/bottube/scripts/meshy_generate.py:15 |
| MEDIUM | **Arbitrary File Write via `output` argument.** The `scripts/meshy_generate.py` script uses `open(args.output, "wb")` to write the downloaded GLB file. If `args.output` is user-controlled and not properly validated, an attacker could specify an arbitrary file path (e.g., `/etc/passwd`, `/var/www/html/index.html`) to overwrite or create files in sensitive system locations. Validate `args.output` to ensure it is a safe filename and path, ideally within a designated temporary or output directory. Prevent path traversal characters (e.g., `../`, `/`). | LLM | scripts/meshy_generate.py:59 |