Trust Assessment
drawthings received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 5 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: requests", and "Arbitrary File Write via Path Traversal".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dustinparsons/drawthings/SKILL.md:17 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dustinparsons/drawthings/SKILL.md:20 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dustinparsons/drawthings/SKILL.md:25 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dustinparsons/drawthings/scripts/generate.py:60 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/dustinparsons/drawthings/scripts/generate.py:179 |
| HIGH | Arbitrary File Write via Path Traversal. The `scripts/generate.py` script allows users to specify an arbitrary output file path via the `--output` argument. The `pathlib.Path` constructor used to handle this path does not sanitize against path traversal sequences (e.g., `../`). This allows an attacker to write generated image data to arbitrary locations on the filesystem, potentially overwriting critical system files or user data, or exhausting disk space in sensitive directories. Sanitize the `output_path` argument to prevent path traversal. Use `pathlib.Path.resolve()` with `strict=True` and ensure the resolved path remains within an allowed output directory, or implement custom validation to disallow `../` sequences. Alternatively, restrict output to a predefined, isolated directory. | LLM | scripts/generate.py:118 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/dustinparsons/drawthings/scripts/generate.py:18 |
| MEDIUM | Server-Side Request Forgery (SSRF) via User-Controlled API URL. The `scripts/generate.py` script allows the `DRAWTHINGS_URL` to be overridden by a command-line argument `--api-url`. This means a user (or a malicious LLM prompt) can direct the skill to make an HTTP POST request to an arbitrary URL. The request payload includes the user's prompt and generation parameters. This could be exploited for Server-Side Request Forgery (SSRF) to probe internal networks, or for data exfiltration by sending the prompt data to an attacker-controlled server. If possible, restrict the `--api-url` argument to only allow specific, trusted domains or IP ranges. If arbitrary URLs must be allowed, implement robust URL validation and consider proxying requests through a service that can enforce network access policies. Ensure that sensitive data is not included in requests to untrusted endpoints. | LLM | scripts/generate.py:50 |