Trust Assessment
flyworks-avatar-video received a trust score of 53/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 3 medium, and 0 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send Function 'upload_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/linhui99/flyworks-avatar-video/scripts/hifly_client.py:143 | |
| HIGH | Arbitrary Local File Upload Leading to Data Exfiltration The `scripts/hifly_client.py` script allows users to specify local file paths for `--audio` and `--image` arguments. The `upload_file` function, called by `handle_media_input`, reads the content of these specified local files and uploads them to the remote API endpoint `hfw-api.hifly.cc`. A malicious user or a compromised LLM could exploit this to exfiltrate sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, API keys, etc.) from the agent's execution environment. Implement strict validation and sanitization for user-provided file paths. Restrict file access to a designated, isolated directory (e.g., a temporary upload folder) and prevent access to arbitrary system paths. Consider using a file picker or requiring explicit user confirmation for uploads of local files. If direct file path input is necessary, ensure the path is within an allowed sandbox and does not contain directory traversal sequences (e.g., `../`). | LLM | scripts/hifly_client.py:119 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/linhui99/flyworks-avatar-video/scripts/hifly_client.py:4 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/linhui99/flyworks-avatar-video/requirements.txt:1 | |
| MEDIUM | Unpinned Dependency in requirements.txt The `requirements.txt` file specifies the `requests` package without a version pin. This can lead to supply chain vulnerabilities, as future installations might pull in a newer, potentially incompatible, or even malicious version of the dependency. This could introduce breaking changes, security flaws, or allow for dependency confusion attacks if a malicious package with the same name is published. Pin the `requests` dependency to a specific version (e.g., `requests==2.28.1`) or use a version range with an upper bound (e.g., `requests>=2.28.1,<3.0.0`). Regularly review and update pinned dependencies. | LLM | requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/e282b88a7395856c)
Powered by SkillShield