Trust Assessment
feishu-minutes received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include: Missing required field: name; Unpinned npm dependency version; Path Traversal via User-Controlled Output Directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Path Traversal via User-Controlled Output Directory.** The skill constructs an output directory path (`outDir`) using user-provided input (`argv.out` or `token`). While `path.resolve` is used, if `argv.out` is an absolute path, it will be used directly. More critically, if the `token` argument (which is user-controlled) contains path traversal sequences (e.g., `../../`), it can redirect the default output directory to an arbitrary location on the filesystem. This allows an attacker to write files (`info.json`, `stats.json`, `subtitle.json`, `transcript.md`, `media.mp4`) to any writable directory, potentially overwriting critical system files, writing malicious scripts (e.g., to a cron directory or a user's startup scripts), or exfiltrating data by writing it to a publicly accessible web directory. Sanitize or validate user-provided paths to prevent path traversal. Ensure that `argv.out` and `token` do not contain path separators or absolute path indicators if they are intended to be relative. A robust solution would be to use a library that strictly confines file operations to a designated sandbox directory, or to explicitly check that the resolved path is a child of an allowed base directory. For example, disallow `token` values containing `.` or `/` characters, or apply `path.basename` to `token` before joining it to the path. | LLM | index.js:67 |
| HIGH | **Use of Unmaintained `node-fetch` Version.** The `package.json` and `package-lock.json` specify `node-fetch` version `^2.7.0`. The `node-fetch` 2.x branch is no longer actively maintained, with the last release being 2.7.0 in 2021. Using unmaintained dependencies poses a significant supply chain risk, as any newly discovered vulnerabilities will not be patched, leaving the skill susceptible to known exploits. While `node-fetch@2.7.0` postdates the fixes for some critical vulnerabilities such as CVE-2022-0235, the lack of ongoing maintenance means future security issues will not be addressed. Upgrade `node-fetch` to the latest maintained major version (e.g., `^3.x.x`) and update all related code to be compatible with the new API. Regularly review and update dependencies to mitigate supply chain risks. | LLM | package.json:10 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/autogame-17/feishu-minutes/SKILL.md:1 |
| MEDIUM | **Unpinned npm dependency version.** Dependency `dotenv` is not pinned to an exact version (`^16.3.1`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/feishu-minutes/package.json |
Full report: https://skillshield.io/report/e37913335c819d44