Trust Assessment
file-repair-skill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Command Injection via User-Provided File Path", and "Command Injection via User-Provided File Path (Download Mode)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Remediation | Layer | Location |
|---|---|---|---|---|
| CRITICAL | **Command Injection via User-Provided File Path.** The skill constructs a shell command using a user-provided file path without apparent sanitization or escaping. An attacker can inject arbitrary shell commands by providing a malicious file path string (e.g., `'; rm -rf /;'`), which allows arbitrary code execution on the host system. | The user-provided file path must be properly sanitized and escaped for shell execution. Prefer a command execution mechanism that does not invoke a shell (e.g., `subprocess.run` with `shell=False` in Python, or `child_process.execFile` in Node.js, passing arguments as an array) so that shell metacharacters are not interpreted. If a shell must be used, quote and escape the path for the specific shell. | LLM | SKILL.md:30 |
| CRITICAL | **Command Injection via User-Provided File Path (Download Mode).** Like the primary repair command, the download mode command uses a user-provided file path directly in a shell command. This is a second command injection vector that lets an attacker execute arbitrary commands on the host system. | The user-provided file path must be properly sanitized and escaped for shell execution. Prefer a command execution mechanism that does not invoke a shell (e.g., `subprocess.run` with `shell=False` in Python, or `child_process.execFile` in Node.js, passing arguments as an array) so that shell metacharacters are not interpreted. If a shell must be used, quote and escape the path for the specific shell. | LLM | SKILL.md:40 |
| HIGH | **Excessive Permissions: Local File System Access and Arbitrary Command Execution.** The skill explicitly requests access to "local file path (in the environment you can access)" and executes a local Node.js script. Combined with the command injection vulnerability, this grants the skill excessive permissions: it can read, write, or delete arbitrary files and execute arbitrary commands on the host system. | Mitigate the command injection vulnerability first. Additionally, consider sandboxing the execution environment for the Node.js script and restricting its file system access to only the necessary directories. Implement strict input validation for file paths so they refer only to expected file types and locations and contain no directory traversal sequences. | LLM | SKILL.md:10 |
| MEDIUM | **Missing required field: name.** The `name` field is required for claude_code skills but is missing from the frontmatter. | Add a `name` field to the SKILL.md frontmatter. | Static | skills/ilpvc/file-repair-skill/SKILL.md:1 |
Powered by SkillShield. Full report: https://skillshield.io/report/9ab33dc805b32143