Trust Assessment
excalidraw received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Potential Command Injection via Skill Workflow Description, Arbitrary File Read via Path Traversal.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via Skill Workflow Description The skill's described workflow in `SKILL.md` explicitly states that the agent should execute a `node` command with arguments including a filename derived from `<name>`. If `<name>` is user-controlled and not properly sanitized by the agent when constructing the shell command, an attacker could inject arbitrary shell commands (e.g., `'; rm -rf /; #'`) into the command string. This could lead to arbitrary code execution on the host system. The AI agent implementing this skill must ensure that any user-provided input used to construct file paths or command arguments is strictly validated and sanitized. It is highly recommended to pass command arguments as separate elements to a subprocess execution function (e.g., `subprocess.run(['node', script_path, input_file, output_file])`) rather than concatenating them into a single shell string, which prevents shell injection. | LLM | SKILL.md:10 | |
| HIGH | Arbitrary File Read via Path Traversal The `scripts/render.js` script reads an input file specified by `inputPath` from the command line using `readFileSync(resolve(inputPath), 'utf-8')`. If `inputPath` is user-controlled (as implied by the skill's workflow), an attacker could use path traversal sequences (e.g., `../../../../etc/passwd`) to read arbitrary files on the system. This could lead to sensitive data exfiltration. Before calling `readFileSync`, the `inputPath` argument must be strictly validated and sanitized. Ensure that the resolved path is canonicalized and restricted to an expected, sandboxed directory (e.g., `/tmp/`) using functions like `path.basename` or by verifying that the resolved path is a child of the allowed directory. | LLM | scripts/render.js:70 | |
| HIGH | Arbitrary File Write via Path Traversal The `scripts/render.js` script writes the generated SVG (which is then converted to PNG) to an output file path (`outputPath`) provided as a command-line argument using `writeFileSync(outputPath, svg)`. If `outputPath` is user-controlled, an attacker could use path traversal sequences (e.g., `../../../../etc/malicious_config`) to write arbitrary content to arbitrary locations on the system. This could lead to overwriting critical system files, injecting malicious configurations, or achieving denial of service. Before calling `writeFileSync`, the `outputPath` argument must be strictly validated and sanitized. Ensure that the resolved path is canonicalized and restricted to an expected, sandboxed directory (e.g., `/tmp/`) using functions like `path.basename` or by verifying that the resolved path is a child of the allowed directory. | LLM | scripts/render.js:79 | |
| MEDIUM | Unpinned npm dependency version Dependency '@resvg/resvg-js' is not pinned to an exact version ('^2.6.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/a-anand-91119/excalidraw/scripts/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/254a37a0a5ca4f20)
Powered by SkillShield