Trust Assessment
feishu-calendar-tool received a trust score of 16/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 2 critical, 1 high, 8 medium and 0 low. The critical and high findings are the flagged `dotenv` version, unvalidated input reaching `date -d`, and unescaped input in a JSON payload sent with `curl`; the medium findings are six repeated `$HOME`/`$USER` reads, an unpinned npm dependency, and app credentials exposed on the `curl` command line.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Flagged `dotenv` version (verify before acting) | `package.json` requests `dotenv` `^17.2.3` and `package-lock.json` resolves `17.2.4`. The analyzer flagged the 17.x line as a typosquat of a "16.x" package. That rationale does not hold: typosquatting concerns package names, not version numbers, and the upstream `dotenv` package does publish a 17.x major line. A malicious 17.x release would have to be a compromised upstream publish, which is a different and checkable claim. | Treat as unconfirmed until checked against the registry: `npm view dotenv versions --json` must list `17.2.4`, and the `resolved` URL and `integrity` hash at `package-lock.json:13` must match `npm view dotenv@17.2.4 dist.tarball dist.integrity`. If they match, the package is the upstream release and the remaining issue is the unpinned-version finding below; if they do not, remove the lockfile entry and reinstall from a clean cache (`npm cache clean --force && npm ci`). | LLM | package-lock.json:13 |
| CRITICAL | Unvalidated user input passed to `date -d` | `bin/create-event.sh` and `bin/list-events.sh` pass user-supplied arguments (`$START_TIME`, `$END_TIME`, `$DATE_PARAM`) to `date -d "$VAR"` with no validation. Because the expansion is double-quoted, the shell hands the whole value to `date` as one argument and does not interpret metacharacters in it, and GNU `date` does not execute commands from its `-d` string. Arbitrary command execution therefore requires that the same value is also expanded unquoted, passed through `eval`, or interpolated into another command string elsewhere in the script; confirm which case applies at `create-event.sh:39` before treating this as RCE. Even without that, unvalidated input reaches a permissive date parser and then the calendar API. | Allow-list the input shape (for example `^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}$`) before calling `date -d`, keep every expansion double-quoted, and never build a command string from user input. | LLM | bin/create-event.sh:39 |
| HIGH | Unescaped user input in JSON payload passed to `curl -d` | `bin/create-event.sh` interpolates `$SUMMARY` and `$DESCRIPTION` into a hand-built JSON string for `curl -d`. A double quote, backslash or control character in either value yields malformed JSON (the API call fails), and a value containing `"` can close the string early so the caller controls the structure of the payload rather than one field. This is not shell injection, but it is a data-integrity and availability problem. | Build the payload with a JSON-aware tool: `jq -n --arg summary "$SUMMARY" --arg description "$DESCRIPTION" '{summary: $summary, description: $description}'`. If `jq` is unavailable, escape `\` as `\\`, `"` as `\"`, and newline, tab and carriage return before interpolating. | LLM | bin/create-event.sh:46 |
| MEDIUM | Sensitive environment variable access: $HOME | `$HOME` is read in a shell context. Reading `$HOME` to locate a config file is routine; the finding matters only if the value leaves the host. | Verify the read is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-tool/bin/auto-setup.sh:7 |
| MEDIUM | Sensitive environment variable access: $HOME | `$HOME` is read in a shell context. | Verify the read is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-tool/bin/create-event.sh:8 |
| MEDIUM | Sensitive environment variable access: $HOME | `$HOME` is read in a shell context. | Verify the read is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-tool/bin/delete-event.sh:7 |
| MEDIUM | Sensitive environment variable access: $HOME | `$HOME` is read in a shell context. | Verify the read is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-tool/bin/list-events.sh:8 |
| MEDIUM | Sensitive environment variable access: $HOME | `$HOME` is read in a shell context. | Verify the read is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-tool/bin/setup.sh:7 |
| MEDIUM | Sensitive environment variable access: $USER | `$USER` is read in a shell context. | Verify the read is necessary and the value is not exfiltrated. | Static | skills/sunnull/feishu-calendar-tool/bin/setup.sh:45 |
| MEDIUM | Unpinned npm dependency version | `dotenv` is requested as the caret range `^17.2.3` rather than an exact version, so a fresh `npm install` can resolve a newer 17.x release than the one that was reviewed. | Pin to the exact version (`"dotenv": "17.2.4"`), commit `package-lock.json`, and install with `npm ci` so the lockfile is honoured. | Dependencies | skills/sunnull/feishu-calendar-tool/package.json |
| MEDIUM | Sensitive credentials exposed in process list | `bin/auto-setup.sh`, `bin/create-event.sh`, `bin/delete-event.sh` and `bin/list-events.sh` place `APP_ID` and `APP_SECRET` in the `curl` command line when requesting a `tenant_access_token`. Command-line arguments are readable by other local users through `ps` and `/proc/<pid>/cmdline` (unless procfs is mounted with `hidepid`), so the secret is exposed for the lifetime of each request. | Keep the secret out of argv: pipe the JSON body to `curl --data-binary @-` on stdin, or read it from a file with mode 0600 (`curl -d @file`). Environment variables are better than argv (`/proc/<pid>/environ` is readable only by the same user and root) but are inherited by every child process, so unset them immediately after use. | LLM | bin/auto-setup.sh:40 |
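The three LLM-layer findings (`date -d` input, JSON escaping, credentials in argv) share one fix pattern. The script below is an added example written for this report, not code from feishu-calendar-tool: it allow-lists timestamps before `date -d`, builds payloads with `jq` where available and a bash escaper otherwise, and sends the token request body on stdin so the secret never enters argv. `FEISHU_APP_ID`, `FEISHU_APP_SECRET`, `FEISHU_TOKEN_URL`, every function name and the sample values are this example's own assumptions; the JSON field names follow the finding text.

```bash
#!/usr/bin/env bash
# Added example for this report, not code from feishu-calendar-tool.
# Assumed names: FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_TOKEN_URL and every
# function below. Needs bash 3.2+; to_epoch additionally needs GNU date.
set -euo pipefail

# --- Finding: unvalidated input reaching `date -d` -------------------------
# Allow-list the shape YYYY-MM-DDTHH:MM:SS with an optional offset or Z before
# any parser sees the value. The double-quoted "$VAR" already stops the shell
# from interpreting metacharacters; the allow-list additionally keeps arbitrary
# strings out of date's permissive parser and out of the API payload.
is_valid_timestamp() {
  [[ $1 =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}([+-][0-9]{2}:[0-9]{2}|Z)?$ ]]
}

# Epoch seconds for a validated timestamp; anything else is refused before
# date is ever invoked.
to_epoch() {
  is_valid_timestamp "$1" || { printf 'rejected timestamp: %q\n' "$1" >&2; return 1; }
  date -u -d "$1" +%s
}

# --- Finding: unescaped input in a hand-built JSON payload -----------------
# Fallback escaper for hosts without jq: backslash first (so the later escapes
# are not doubled), then double quote and the common control characters.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# summary description start_time end_time -> compact JSON on stdout.
# jq -n --arg is the complete solution; the printf branch runs only without jq.
build_event_payload() {
  is_valid_timestamp "$3" && is_valid_timestamp "$4" || return 1
  if command -v jq >/dev/null 2>&1; then
    jq -cn --arg s "$1" --arg d "$2" --arg st "$3" --arg et "$4" \
      '{summary: $s, description: $d, start_time: $st, end_time: $et}'
  else
    printf '{"summary":"%s","description":"%s","start_time":"%s","end_time":"%s"}' \
      "$(json_escape "$1")" "$(json_escape "$2")" "$3" "$4"
  fi
}

# app_id app_secret -> compact JSON body for the tenant_access_token request.
build_token_request() {
  if command -v jq >/dev/null 2>&1; then
    jq -cn --arg i "$1" --arg s "$2" '{app_id: $i, app_secret: $s}'
  else
    printf '{"app_id":"%s","app_secret":"%s"}' "$(json_escape "$1")" "$(json_escape "$2")"
  fi
}

# --- Finding: credentials in the process list ------------------------------
# Vulnerable shape (do not use): the secret becomes part of curl's argv and is
# readable by any local user via `ps -o args=` or /proc/<pid>/cmdline:
#   curl -d "{\"app_id\":\"$APP_ID\",\"app_secret\":\"$APP_SECRET\"}" "$URL"
# Hardened shape: the body travels on stdin and argv holds only the URL.
request_tenant_token() {
  : "${FEISHU_APP_ID:?set FEISHU_APP_ID}" "${FEISHU_APP_SECRET:?set FEISHU_APP_SECRET}"
  local url=${FEISHU_TOKEN_URL:?set FEISHU_TOKEN_URL}
  build_token_request "$FEISHU_APP_ID" "$FEISHU_APP_SECRET" |
    curl -sS -X POST -H 'Content-Type: application/json' --data-binary @- "$url"
  unset FEISHU_APP_SECRET   # do not hand the secret to later child processes
}

# `./example.sh demo` shows the difference on a live host: the first process
# leaks its placeholder secret through argv, the second does not.
if [[ ${1:-} == demo ]]; then
  sh -c 'sleep 1' argv-leak 'SECRET-IN-ARGV' & pid=$!
  ps -o args= -p "$pid"; wait "$pid"
  printf '%s' 'SECRET-ON-STDIN' | sh -c 'sleep 1; cat >/dev/null' stdin-safe & pid=$!
  ps -o args= -p "$pid"; wait "$pid"
fi
```

`request_tenant_token` is the only function that touches the network; the builders are pure, which is what makes the escaping testable in isolation. The `unset` after the request is the environment-variable half of the remediation: argv is never used, and the secret does not linger for later children either.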
Full report: https://skillshield.io/report/e5476549859bcc00
Powered by SkillShield