Trust Assessment
dzen received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Skill requires and processes sensitive session cookies and CSRF token.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary local file upload leading to data exfiltration The `scripts/publish.py` script allows users to specify arbitrary local file paths via the `--media` command-line argument. The `upload_media` function then reads the content of these files and uploads them to `dzen.ru/api/v3/uploader/transcode`. An attacker who can control the `--media` argument could specify paths to sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, or even the `dzen_config.json` itself). The content of these files would then be exfiltrated to Dzen.ru's servers, potentially making them accessible to the attacker or Dzen.ru. Implement strict validation for media file paths. Restrict file access to a designated media directory. Consider using a file picker or a more controlled mechanism for selecting media files instead of arbitrary paths. If arbitrary paths are necessary, ensure the skill runs with minimal file system permissions and that the input is sanitized and validated against a whitelist of allowed file types and locations. | LLM | scripts/publish.py:20 | |
| HIGH | Potential data exfiltration: file read + network send Function 'upload_media' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/ruslanlanket/dzen/scripts/publish.py:24 | |
| HIGH | Skill requires and processes sensitive session cookies and CSRF token The skill requires users to manually extract and store Dzen.ru session cookies and a CSRF token in a local `dzen_config.json` file. The `scripts/publish.py` script then reads these highly sensitive credentials and uses them for authentication in subsequent API calls. While the skill itself does not exfiltrate this configuration file, the handling of long-lived session credentials poses a significant risk. If the `dzen_config.json` file is compromised (e.g., due to improper file permissions, accidental commit to a public repository, or local malware), an attacker could gain full control over the user's Dzen.ru session, leading to unauthorized content publication or account takeover. Advise users on secure storage practices for `dzen_config.json` (e.g., restrict file permissions, use environment variables or a secure secrets manager instead of a plain JSON file). Implement robust input validation for the config file path. Consider using short-lived tokens or OAuth if Dzen.ru ever provides a public API. | LLM | scripts/publish.py:90 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ruslanlanket/dzen/scripts/publish.py:4 |
Scan History
Embed Code
[](https://skillshield.io/report/9cd61aceef82d929)
Powered by SkillShield