Trust Assessment
google-sheet-api received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 2 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Node lockfile missing, Arbitrary File Read via '@' prefix in input arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Read via '@' prefix in input arguments The `jsonFromArg` function, used by several commands (e.g., `append`, `write`, `batch`), allows loading JSON data from a file path specified by prefixing the argument with `@`. This means a malicious actor could provide an argument like `@/etc/passwd` or `@/path/to/sensitive/file.json` to read arbitrary files from the filesystem. The content of these files would then be processed by `JSON.parse` (which might error out for non-JSON files, but the file content is still read) and potentially included in the output or error messages, leading to data exfiltration. Restrict file reading to a designated, secure directory (e.g., a temporary directory or a skill-specific data directory) or implement a whitelist of allowed file paths. Alternatively, remove the file-reading capability for user-provided arguments if not strictly necessary, or implement robust path sanitization and validation to prevent directory traversal attacks. For example, ensure `filePath` is within a specific, non-sensitive subdirectory. | LLM | scripts/sheets-cli.js:135 | |
| MEDIUM | Unpinned npm dependency version Dependency 'googleapis' is not pinned to an exact version ('^140.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/codedao12/google-sheet-api/package.json | |
| MEDIUM | Unpinned `googleapis` dependency and missing `package-lock.json` The `package.json` specifies the `googleapis` dependency using a caret (`^`) version range (`^140.0.0`). This allows npm to install any `140.x.x` version, which can lead to non-deterministic builds and introduce vulnerabilities if a future minor or patch release of `googleapis` (or its transitive dependencies) contains malicious code or a security flaw. The absence of a `package-lock.json` further exacerbates this risk by not guaranteeing consistent dependency resolution across different environments or deployment times. Pin dependencies to exact versions (e.g., `"googleapis": "140.0.0"`) and include a `package-lock.json` file in the repository. Regularly audit and update dependencies to ensure security patches are applied. | LLM | package.json:10 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/codedao12/google-sheet-api/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/f55bd5d21459dcbc)
Powered by SkillShield