Trust Assessment
creative-illustration received a trust score of 39/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Unsafe environment variable passthrough", "Credential harvesting", and "Suspicious import: urllib.request".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Credential harvesting.** Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (`os.environ.copy`, `JSON.stringify(process.env)`) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/adebayoabdushaheed-a11y/afame/scripts/illustrate.py:272 |
| HIGH | **Unsafe environment variable passthrough.** Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/adebayoabdushaheed-a11y/afame/scripts/illustrate.py:272 |
| MEDIUM | **Suspicious import: urllib.request.** Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/adebayoabdushaheed-a11y/afame/scripts/illustrate.py:13 |
| MEDIUM | **Arbitrary file write via user-controlled output directory.** The `illustrate.py` script allows users to specify an arbitrary output directory via the `--out-dir` command-line argument. The script uses `os.makedirs` to create this directory and `os.path.join` to construct file paths for saving generated images (`.png`), prompt data (`prompts.json`), and an HTML gallery (`index.html`). While the filenames themselves are partially sanitized using `_slug`, the directory path provided by the user is not validated or restricted. An attacker could leverage path traversal sequences (e.g., `../../`) or absolute paths to write files to sensitive system locations (e.g., `/etc/cron.d`, `/var/www/html`, user's home directory) if the agent process has sufficient write permissions. This could lead to privilege escalation, denial of service, or serving malicious content. 1. **Restrict output directory**: Confine the output directory to a specific, isolated sandbox location (e.g., a temporary directory within the skill's own workspace) and do not allow arbitrary user-specified paths. 2. **Path validation**: If user-specified paths are necessary, strictly validate the `--out-dir` argument to ensure it is within an allowed base directory and does not contain path traversal sequences (e.g., `..`). Use `os.path.abspath` and `os.path.commonprefix` to ensure the resolved path remains within the intended base. 3. **Principle of Least Privilege**: Run the agent with minimal filesystem write permissions, restricting it only to necessary directories. | LLM | scripts/illustrate.py |
| LOW | **Node lockfile missing.** `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/adebayoabdushaheed-a11y/afame/package.json |