Trust Assessment
feishu-broadcast received a trust score of 21/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 3 critical, 1 high, 3 medium, and 1 low severity. Key findings include Arbitrary command execution, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 16/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-broadcast/index.js:4 | |
| CRITICAL | Command Injection via User-Controlled Arguments The skill constructs shell commands using user-provided arguments (`--title`, `--image`) and executes them via `child_process.exec`. This allows an attacker to inject arbitrary shell commands by providing malicious input containing shell metacharacters (e.g., `;`, `&&`, `|`). For example, a `--title` argument like `"My Title"; rm -rf /` could lead to critical system compromise. Avoid direct string interpolation of user input into shell commands. Instead, use `child_process.spawn` with an array of arguments, which prevents shell interpretation. If `exec` must be used, thoroughly sanitize or escape all user-controlled input using a library like `shell-quote` or `shlex` before interpolation. | LLM | index.js:50 | |
| CRITICAL | Command Injection via User-Controlled Arguments (Image Path) Similar to the title argument, the `--image` argument is directly interpolated into a shell command executed via `child_process.exec`. An attacker can inject arbitrary shell commands by providing a malicious image path containing shell metacharacters, leading to critical system compromise. Avoid direct string interpolation of user input into shell commands. Instead, use `child_process.spawn` with an array of arguments, which prevents shell interpretation. If `exec` must be used, thoroughly sanitize or escape all user-controlled input using a library like `shell-quote` or `shlex` before interpolation. | LLM | index.js:57 | |
| HIGH | Arbitrary File Read via User-Controlled Path The skill reads the content of a file specified by the `--text-file` argument using `fs.readFileSync`. If an attacker can control this argument, they can specify an arbitrary file path (e.g., `/etc/passwd`, `../../../../.env`) to read sensitive system files or configuration files, leading to data exfiltration. Implement strict validation for file paths provided by user input. Restrict file access to a designated, non-sensitive directory, or use a file upload mechanism that handles files securely rather than direct path input. Ensure paths are resolved safely (e.g., using `path.join` and checking against a base directory) to prevent directory traversal attacks. | LLM | index.js:20 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/autogame-17/feishu-broadcast/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'dotenv' is not pinned to an exact version ('^16.3.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/feishu-broadcast/package.json | |
| MEDIUM | Excessive Permissions: Broad User Data Access The skill's core functionality involves fetching all users in the Feishu tenant using the `getAllUsers` function. While necessary for its stated purpose of broadcasting to 'ALL users', this grants the skill broad access to sensitive user data (e.g., names, IDs). If the skill were compromised, this extensive access could be abused for large-scale data exfiltration of the entire user directory. Review if 'broadcast to ALL users' is strictly necessary. If a narrower scope is acceptable (e.g., specific departments or groups), modify the API calls to fetch only the required users. Implement robust monitoring and access controls around the skill's execution environment to detect and prevent unauthorized access or data exfiltration attempts. | LLM | lib/api.js:100 | |
| LOW | Outdated Dependency: node-fetch@2.7.0 The `node-fetch` dependency is pinned to version `2.7.0`, which is an older major version. While `node-fetch` v2.x still receives critical security fixes, newer major versions (e.g., v3.x or v4.x) often include architectural improvements, better security practices, and address vulnerabilities that might not be backported to older branches. Relying on older versions can increase the risk of encountering known or undiscovered vulnerabilities. Upgrade `node-fetch` to the latest stable major version (e.g., v3.x or v4.x) to benefit from security enhancements, bug fixes, and performance improvements. Ensure compatibility with the rest of the codebase during the upgrade process. | LLM | package-lock.json:64 |
Scan History
Embed Code
[](https://skillshield.io/report/72c2806b033d25e7)
Powered by SkillShield