Trust Assessment
excalidraw received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Potential Path Traversal in file operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Path Traversal in file operations The `render.js` script reads and writes files using paths provided by the LLM (e.g., `/tmp/<name>.excalidraw`, `/tmp/<name>.png`). The `SKILL.md` instructs the LLM to generate these paths, where `<name>` is likely derived from user input. If this `<name>` is not properly sanitized by the LLM, an attacker could inject path traversal sequences (e.g., `../../`) to read or write arbitrary files on the system, leading to data exfiltration, data corruption, or denial of service. The LLM's logic for generating file paths (specifically the `<name>` component) must strictly sanitize any user-provided input to prevent path traversal characters (e.g., `/`, `..`). It should ensure that `<name>` is a simple filename without directory separators. Additionally, the `render.js` script could implement stricter path validation to ensure all file operations occur within expected temporary directories and with safe filenames. | LLM | scripts/render.js:70 | |
| HIGH | Potential Path Traversal in file operations The `render.js` script writes output files using paths provided by the LLM (e.g., `/tmp/<name>.png`). The `SKILL.md` instructs the LLM to generate these paths, where `<name>` is likely derived from user input. If this `<name>` is not properly sanitized by the LLM, an attacker could inject path traversal sequences (e.g., `../../`) to write arbitrary files on the system, leading to data corruption or denial of service. The LLM's logic for generating file paths (specifically the `<name>` component) must strictly sanitize any user-provided input to prevent path traversal characters (e.g., `/`, `..`). It should ensure that `<name>` is a simple filename without directory separators. Additionally, the `render.js` script could implement stricter path validation to ensure all file operations occur within expected temporary directories and with safe filenames. | LLM | scripts/render.js:297 | |
| HIGH | Potential Path Traversal in file operations The `render.js` script writes output files using paths provided by the LLM (e.g., `/tmp/<name>.png`). The `SKILL.md` instructs the LLM to generate these paths, where `<name>` is likely derived from user input. If this `<name>` is not properly sanitized by the LLM, an attacker could inject path traversal sequences (e.g., `../../`) to write arbitrary files on the system, leading to data corruption or denial of service. The LLM's logic for generating file paths (specifically the `<name>` component) must strictly sanitize any user-provided input to prevent path traversal characters (e.g., `/`, `..`). It should ensure that `<name>` is a simple filename without directory separators. Additionally, the `render.js` script could implement stricter path validation to ensure all file operations occur within expected temporary directories and with safe filenames. | LLM | scripts/render.js:300 | |
| MEDIUM | Unpinned npm dependency version Dependency '@resvg/resvg-js' is not pinned to an exact version ('^2.6.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/henrino3/ec-excalidraw/scripts/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/f75d1f4b2476d1ba)
Powered by SkillShield