Trust Assessment
change-order-analysis received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Remote Code Execution via joblib.load with untrusted path", and "Arbitrary File Write via joblib.dump with untrusted path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Remote Code Execution via joblib.load with untrusted path. The `ChangeOrderPredictor.load_models` method uses `joblib.load` to deserialize model data from a specified `path`. If an attacker can control this `path` argument, they could supply a path to a malicious pickle file. `joblib.load` (which uses `pickle.load` internally) is known to be vulnerable to arbitrary code execution if deserializing untrusted data. This allows an attacker to execute arbitrary code on the system where the skill is running. Avoid loading models from untrusted paths. If paths must be user-controlled, implement strict validation (e.g., allow only specific directories, check file extensions, sanitize path components). Consider using safer serialization formats if possible, or ensure the source of the `path` is absolutely trusted. | LLM | SKILL.md:301 |
| HIGH | Arbitrary File Write via joblib.dump with untrusted path. The `ChangeOrderPredictor.save_models` method uses `joblib.dump` to serialize model data to a specified `path`. If an attacker can control this `path` argument, they could write arbitrary files to arbitrary locations on the filesystem, potentially overwriting critical system files or writing malicious content to web roots, leading to denial of service or further compromise. Implement strict validation for the `path` argument, ensuring it points only to allowed, non-sensitive directories. Do not allow arbitrary paths. | LLM | SKILL.md:292 |
| HIGH | Arbitrary File Write via pandas.ExcelWriter with untrusted path. The `ChangeOrderAnalyzer.generate_report` method uses `pd.ExcelWriter` to create an Excel file at the `output_path` specified by an argument. If an attacker can control this `output_path`, they could write arbitrary files to arbitrary locations on the filesystem, potentially overwriting critical system files or writing malicious content, leading to denial of service or further compromise. Implement strict validation for the `output_path` argument, ensuring it points only to allowed, non-sensitive directories. Do not allow arbitrary paths. | LLM | SKILL.md:431 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/change-order-analysis/SKILL.md:1 |