Trust Assessment
historical-data-manager received a trust score of 61/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Potential pyodbc connection string injection, Arbitrary file read vulnerability in `read_primavera_xer`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential pyodbc connection string injection The `extract_from_database_export` method constructs a `pyodbc` connection string using an f-string: `conn_str = f'DRIVER={{Microsoft Access Driver (*.mdb, *.accdb)}};DBQ={file_path}'`. If the `file_path` argument is sourced from untrusted input without proper validation, an attacker could inject additional connection string parameters (e.g., `;UID=admin;PWD=password;`) to potentially bypass authentication, access unauthorized data, or manipulate the driver's behavior. This constitutes a command injection risk into the ODBC driver. Implement strict validation and sanitization of the `file_path` argument to ensure it only contains a valid file path and no malicious characters or connection string parameters. Consider using a dedicated library for connection string parsing or ensuring the driver explicitly handles `DBQ` as a file path only. | LLM | SKILL.md:130 | |
| HIGH | Arbitrary file read vulnerability in `read_primavera_xer` The `read_primavera_xer` method directly uses the `file_path` argument in an `open()` call: `with open(file_path, 'r', encoding='utf-8') as f:`. If `file_path` is controlled by an untrusted source (e.g., user input or a malicious file list), an attacker could use path traversal techniques (e.g., `../../../../etc/passwd`) to read arbitrary files from the system, leading to data exfiltration. Validate the `file_path` argument to ensure it is within an allowed, sandboxed directory (e.g., using `pathlib.Path.resolve()` and checking against a base directory) and does not contain path traversal sequences. Alternatively, restrict the skill's access to the filesystem. | LLM | SKILL.md:220 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/historical-data-manager/SKILL.md:1 | |
| MEDIUM | Unpinned dependencies in `pip install` command The `pip install` command lists dependencies without specific version pinning (`pandas openpyxl xlrd pyodbc`). This practice can lead to supply chain risks, as future installations might pull in newer, potentially incompatible, or even malicious versions of these libraries if a dependency is compromised or introduces breaking changes. This lack of pinning makes the skill vulnerable to dependency confusion attacks or unexpected behavior changes. Pin all dependencies to specific versions (e.g., `pandas==1.5.3`) to ensure reproducible builds and mitigate risks from unexpected updates or compromised packages. Use a `requirements.txt` file with exact versions and consider using a dependency lock file. | LLM | SKILL.md:265 |
Scan History
Embed Code
[](https://skillshield.io/report/f7d0f2cdb2430808)
Powered by SkillShield