Trust Assessment
kicad-pcb received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 2 critical, 2 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Unpinned Python Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/g0head/kicad-pcb/scripts/kicad_pcb.py:110 |
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/g0head/kicad-pcb/scripts/kicad_pcb.py:112 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'run_kicad_cli'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/g0head/kicad-pcb/scripts/kicad_pcb.py:110 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'run_kicad_cli'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/g0head/kicad-pcb/scripts/kicad_pcb.py:112 |
| MEDIUM | **Unpinned Python Dependencies.** The skill specifies Python dependencies ('pillow', 'cairosvg') without pinning them to specific versions. This can lead to supply chain vulnerabilities if a future version of these libraries introduces a security flaw, breaking changes, or unexpected behavior. It also hinders reproducible installations. Pin Python dependencies to specific versions (e.g., 'pillow==9.0.0 cairosvg==2.7.0') to ensure reproducible and secure installations. Update 'skill.json' accordingly. | LLM | SKILL.md:39 |
| MEDIUM | **Configurable External Tool Path Allows Command Execution Risk.** The skill's configuration file (`~/.kicad-pcb/config.json`) allows the user to specify the `kicad_path`. If an attacker can modify this configuration file (e.g., through a separate vulnerability or social engineering), they could set `kicad_path` to point to a malicious executable. When the skill then calls `subprocess.run` with this path, it would execute the attacker-controlled program with the user's privileges. Although the provided Python snippet does not explicitly show `KICAD_CLI` being overridden by the config, the presence of `kicad_path` in the example config in `SKILL.md` strongly suggests this capability. If `kicad_path` is intended to be configurable, validate the path to ensure it points to a legitimate KiCad executable before execution. Alternatively, restrict the ability to override `KICAD_CLI` from the configuration file, relying only on `shutil.which` or a hardcoded, trusted path. | LLM | SKILL.md:219 |
| LOW | **Plaintext Storage of Email in Configuration.** The skill's configuration file (`~/.kicad-pcb/config.json`) stores the user's email address in plaintext for PCBWay integration. While email is not as critical as API keys, storing any sensitive information in plaintext can pose a risk if the user's home directory is compromised or if the file is inadvertently exposed. For sensitive information like email or potential API keys (if implemented), consider using more secure storage mechanisms (e.g., environment variables, OS-specific credential stores) instead of plaintext configuration files. If plaintext storage is necessary, ensure the file permissions are restrictive. | LLM | SKILL.md:212 |