Trust Assessment
health-guardian received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 1 low severity. Key findings include "Node lockfile missing", "Arbitrary File Access via Configurable Data Source Path", and "Resource Exhaustion from Malicious ZIP File Processing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Layer | Location |
|---|---|---|---|---|
| HIGH | Arbitrary File Access via Configurable Data Source Path | The `scripts/import_health.py` script determines its `health_export_path` from the `data_source` field in `config.json`. If an attacker can modify the `config.json` file, they can set `data_source` to an arbitrary directory on the file system. This would allow the skill to read and process files (e.g., CSVs, JSONs, or ZIPs) from any location accessible to the agent, leading to excessive permissions and potential data exfiltration or information disclosure. While the skill does not directly expose `config.json` modification to the LLM, a compromised `config.json` represents a significant risk due to this broad file access capability. Restrict the `data_source` configuration to a predefined set of safe directories or enforce strict validation to ensure it points only to expected user data export locations, ideally within the skill's own data directory or a sandboxed user data directory. Avoid allowing arbitrary paths. | LLM | scripts/import_health.py:200 |
| HIGH | Resource Exhaustion from Malicious ZIP File Processing | The `scripts/import_health.py` script processes ZIP archives found within the `health_export_path`. As identified in the previous finding, this path can be configured to an arbitrary location via `config.json`. If a malicious ZIP file (e.g., a zip bomb) is placed in a directory accessible to the agent and configured as the `data_source`, the script's attempt to open and read its contents using `zipfile.ZipFile` and `z.open()` could lead to excessive memory or CPU consumption. This could result in a denial of service for the agent or the underlying system, as the script decompresses file members into memory without apparent size checks. In addition to restricting the `data_source` path, implement checks for archive size and individual member sizes (both compressed and uncompressed) before decompression. Abort processing if the decompression ratio is too high or the uncompressed size of a member exceeds a reasonable, predefined limit to prevent resource exhaustion attacks. | LLM | scripts/import_health.py:100 |
| LOW | Node lockfile missing | `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/ctsolutionsdev/egvert-health-guardian/package.json |