Trust Assessment
dialpad received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 1 critical, 3 high, 6 medium, and 0 low severity. Key findings include "Potential hardcoded secret (high entropy)", "Suspicious import: urllib.request", and "Potential data exfiltration: file read + network send".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Hardcoded API Key | The `lookup_contact.py` script contains a Dialpad API key directly embedded in the source code. This is a severe security vulnerability as it exposes the key to anyone who can view the script, making it vulnerable to unauthorized access and potential credential harvesting. API keys should always be loaded from environment variables or a secure configuration store. Remove the hardcoded API key. Store the API key in an environment variable (e.g., `DIALPAD_API_KEY_LOOKUP`) and retrieve it using `os.environ.get()`, similar to how `DIALPAD_API_KEY` is handled in other scripts. Ensure the environment variable is properly secured. | LLM | lookup_contact.py:4 |
| HIGH | Potential data exfiltration: file read + network send | Function 'export_sms' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/kesslerio/dialpad/export_sms.py:114 |
| HIGH | Data Exfiltration via Webhook URL Injection | The `create_sms_webhook.py` script allows an arbitrary URL to be registered as a Dialpad webhook endpoint via the `--url` command-line argument. If an attacker can manipulate the LLM to provide a malicious URL, all SMS events (potentially including message content if the API key has the `message_content_export` scope, as mentioned in SKILL.md) could be exfiltrated to an attacker-controlled server. This constitutes a direct data exfiltration risk. Implement strict validation and whitelisting for webhook URLs. Only allow URLs from trusted domains or specific internal endpoints. If dynamic URLs are necessary, ensure they are passed through a secure proxy or a service that can validate their legitimacy and prevent redirection to malicious sites. Consider adding a confirmation step for webhook creation to prevent silent exfiltration. | LLM | create_sms_webhook.py:40 |
| HIGH | Arbitrary File Write for SMS Export | The `export_sms.py` script allows specifying an arbitrary output file path via the `--output` command-line argument. The script then writes sensitive SMS data (including message content, sender, and recipient) to this specified path. An attacker could exploit this by providing a path to a sensitive system file (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) to overwrite it, leading to data integrity issues or denial of service. Alternatively, they could specify a publicly accessible location to exfiltrate the sensitive SMS data. Restrict the output file path to a designated, secure directory (e.g., a temporary directory or a user-specific data directory). Prevent writing to arbitrary paths by sanitizing the input or enforcing a base directory. If the skill needs to write to user-specified locations, implement robust path validation to prevent directory traversal attacks (e.g., disallow `..` in paths) and ensure the target directory is not a sensitive system location. | LLM | export_sms.py:100 |
| MEDIUM | Potential hardcoded secret (high entropy) | A high-entropy string (entropy=5.33) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/kesslerio/dialpad/lookup_contact.py:6 |
| MEDIUM | Suspicious import: urllib.request | Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/dialpad/create_sms_webhook.py:14 |
| MEDIUM | Suspicious import: urllib.request | Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/dialpad/export_sms.py:15 |
| MEDIUM | Suspicious import: urllib.request | Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/dialpad/lookup_contact.py:3 |
| MEDIUM | Suspicious import: urllib.request | Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/dialpad/make_call.py:17 |
| MEDIUM | Suspicious import: urllib.request | Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/dialpad/send_sms.py:15 |
Full report: https://skillshield.io/report/40e8a44d3f35cae4