Trust Assessment
feishu-image received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Missing required field: name", "Unpinned npm dependency version", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Suspicious dotenv package version indicates potential typosquatting. The `package.json` specifies `dotenv: "^17.2.3"`. As of the current date, the official `dotenv` package on npm has a latest major version of `16.x.x`. The existence of a `17.x.x` version strongly suggests that this dependency might be a malicious typosquatting package designed to mimic the legitimate `dotenv` library. Such packages can lead to credential harvesting, command injection, or other forms of compromise if installed and executed. Verify the `dotenv` package source and replace with the legitimate `dotenv` package, ensuring the correct version (e.g., `^16.0.0` or a specific `16.x.x` version). Audit the system for any compromise if this package was installed and executed. | LLM | package.json:7 |
| HIGH | Arbitrary file read vulnerability via `--image` argument. The `send.js` script takes an `--image` argument, which is used to construct a `filePath` that is then read using `fs.readFileSync`. If an untrusted source (e.g., an LLM generating the command) can control the value of `--image`, it could specify paths to sensitive files (e.g., `/etc/passwd`, `.env` files, private keys). The content of these files would then be read into memory and potentially sent to the Feishu API. While the Feishu API might reject non-image content, the act of reading and attempting to exfiltrate sensitive data is a significant risk. Additionally, error messages from `fs.readFileSync` could leak information about file existence or permissions. Implement stricter validation for the `--image` argument. Consider restricting file paths to a specific directory (e.g., a temporary upload directory) or validating file extensions/MIME types *before* reading the file content. If possible, use a file picker or a more controlled mechanism for file selection rather than direct path input. Ensure the execution environment has minimal necessary file system permissions. | LLM | send.js:96 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/autogame-17/feishu-image/SKILL.md:1 |
| MEDIUM | Unpinned npm dependency version. Dependency 'commander' is not pinned to an exact version ('^14.0.3'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/feishu-image/package.json |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/autogame-17/feishu-image/package.json |
Full report: https://skillshield.io/report/4dfd054427265ce1