Trust Assessment
feishu-card received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 8 critical, 2 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Missing required field: name.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings12
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-card/handle_event.js:16 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-card/send_safe.js:4 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-card/test.js:3 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-card/handle_event.js:19 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-card/send_safe.js:42 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/autogame-17/feishu-card/test.js:27 | |
| CRITICAL | Command Injection via untrusted event payload in handle_event.js The `handle_event.js` script directly interpolates `userOpenId` and `menuKey` from an untrusted `eventPayload` into a shell command executed via `child_process.execSync`. Although wrapped in double quotes, these variables can be crafted to inject arbitrary shell commands, leading to remote code execution. For example, if `userOpenId` contains `"; rm -rf /; echo "`, it would execute `rm -rf /`. Refactor the code to use `child_process.spawn` or `child_process.execFile` with an array of arguments, which prevents shell interpretation of untrusted input. Alternatively, if `execSync` must be used, ensure all untrusted inputs are rigorously sanitized or escaped for the shell context (e.g., using a library like `shell-quote`). | LLM | handle_event.js:17 | |
| CRITICAL | Command Injection via untrusted CLI arguments in send_safe.js The `send_safe.js` script constructs a shell command string using `options.target`, `options.color`, and `options.title` (all derived from untrusted command-line arguments) and executes it via `child_process.execSync`. Despite being double-quoted, these arguments can be manipulated with shell metacharacters to inject and execute arbitrary commands. For example, if `options.target` contains `"; rm -rf /; echo "`, it would execute `rm -rf /`. Refactor `send_safe.js` to directly import and call the `sendCard` function from `send.js` instead of invoking it via `execSync`. This eliminates the shell execution layer. If `execSync` is strictly necessary, use `child_process.spawn` or `child_process.execFile` with an array of arguments, or rigorously sanitize/escape all untrusted inputs for the shell. | LLM | send_safe.js:32 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/autogame-17/feishu-card/test.js:28 | |
| HIGH | Arbitrary file read via --text-file and --image-path arguments The `send.js` and `send_persona.js` scripts allow reading arbitrary files from the filesystem via the `--text-file` and `--image-path` command-line arguments. An attacker controlling these arguments can specify paths to sensitive files (e.g., `/etc/passwd`, `../../.env`, `~/.ssh/id_rsa`) and have their content processed or potentially exfiltrated through the Feishu card message. While `send.js` includes a `scanForSecrets` function, it's not exhaustive and only prevents *known* secret patterns from being sent, not the reading of the file itself. Implement strict path validation and sanitization for `--text-file` and `--image-path` arguments. Restrict file access to a designated, sandboxed directory (e.g., `temp/` or a skill-specific data directory) and prevent traversal outside this directory. If broader file access is intended, clearly document the security implications and ensure the skill runs with minimal necessary filesystem permissions. | LLM | send.js:79 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/autogame-17/feishu-card/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^13.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/feishu-card/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/3d1d9d6154d31efc)
Powered by SkillShield