Trust Assessment
docker-xunlei-downloader received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Missing required field: name, Unpinned npm dependency version, Server-Side Request Forgery (SSRF) via unvalidated host configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Server-Side Request Forgery (SSRF) via unvalidated host configuration The skill allows users to configure the Xunlei service host via the `xunlei config set <host> <port>` command. The `<host>` parameter is taken directly from user input (`args[1]`) without validation. This unvalidated host is then used to construct the base URL for all subsequent HTTP requests made by the `XunleiDockerClient`. An attacker can specify an arbitrary internal IP address (e.g., `127.0.0.1`, `192.168.1.1`) or a malicious external server, coercing the skill's host machine to make requests to these controlled endpoints. This can lead to internal network scanning, access to internal services, or data exfiltration if the responses from these requests are returned to the attacker. Implement strict validation for the `host` parameter. This should include: 1. Validating that `host` is a legitimate hostname or IP address format. 2. Disallowing private IP ranges (e.g., `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `127.0.0.1`) to prevent access to internal networks. 3. Consider whitelisting allowed hosts if the Xunlei service is expected to run on a fixed set of addresses. | LLM | index.js:108 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/saaak/docker-xunlei-downloader/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'axios' is not pinned to an exact version ('^1.13.4'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/saaak/docker-xunlei-downloader/package.json | |
| LOW | Unpinned dependency in `package.json` The `package.json` file uses a caret (`^`) range for the `axios` dependency (`^1.13.4`). While `package-lock.json` pins the exact version, using caret ranges in `package.json` allows for automatic updates to minor and patch versions. This could potentially introduce vulnerabilities if a malicious update is pushed to `axios` or its sub-dependencies and the `package-lock.json` is not respected or is regenerated. Pin exact versions for all dependencies in `package.json` (e.g., `"axios": "1.13.4"`) to ensure deterministic builds and prevent unexpected updates. Regularly audit and manually update dependencies to incorporate security fixes. | LLM | package.json:18 | |
| INFO | Use of non-default npm registry (`npmmirror.com`) The `package-lock.json` file specifies `https://registry.npmmirror.com` as the resolved registry for all dependencies. While `npmmirror.com` is a known mirror, relying on a non-default registry introduces a dependency on that mirror's security and availability. A compromise of this mirror could potentially lead to malicious package injection, although the presence of `integrity` hashes significantly mitigates this risk. Consider using the default npm registry (`registry.npmjs.org`) unless there is a specific requirement for a mirror. If a mirror is necessary, ensure it is trusted and its security practices are well-understood. | LLM | package-lock.json:10 |
Scan History
Embed Code
[](https://skillshield.io/report/ccd33abcd1426b96)
Powered by SkillShield