Trust Assessment
korail-manager received a trust score of 24/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 0 critical, 0 high, 11 medium, and 0 low severity (plus 1 informational). Key findings include "Unsafe deserialization / dynamic eval", "Missing required field: name", and "Suspicious import: requests".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 44/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/lonehades/korail-manager/lib/korail2/korail2.py:20 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/lonehades/korail-manager/SKILL.md:1 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/lib/SRT/SRT/netfunnel.py:3 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/lib/SRT/SRT/srt.py:5 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/lib/SRT/netfunnel.py:3 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/lib/SRT/srt.py:5 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/lib/korail2/korail2.py:10 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/scripts/srt_watch.py:5 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager/scripts/watch.py:5 |
| MEDIUM | Unpinned Python dependency version. Dependency 'requests' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/lonehades/korail-manager/lib/SRT/pyproject.toml |
| MEDIUM | Vendored Libraries Introduce Supply Chain Risk. The skill includes copies of external Python libraries (`korail2` and `SRTrain`) directly within its `lib/` directory instead of managing them as proper dependencies (e.g., via `pip` and `requirements.txt`). This practice, known as vendoring, means that these libraries will not automatically receive security updates or patches from their upstream projects. The skill maintainer is solely responsible for monitoring upstream projects (e.g., `TaehoonKim/korail2` and `ryanking13/SRT`) for vulnerabilities and manually updating the vendored copies. If these vendored libraries contain unpatched vulnerabilities, the skill could be compromised, leading to potential data breaches or other security incidents. The `pyproject.toml` in `lib/SRT` indicates `SRTrain` is from `ryanking13/SRT`, confirming it's an external project. Consider managing these libraries as proper dependencies with version pinning in a `requirements.txt` or `pyproject.toml` file, allowing for easier updates and vulnerability scanning. If vendoring is necessary, implement a clear process for regularly checking for and applying security updates from the upstream projects to the vendored copies. | LLM | scripts/cancel.py:12 |
| INFO | Handling of Sensitive Credentials and Data. The skill requires and processes sensitive user credentials (Korail/SRT login IDs and passwords) and API tokens (Telegram bot token, Slack webhook URL). These are loaded from environment variables or a `.env` file. The skill uses these credentials to log into external train reservation services and to send reservation-related notifications (including train details, departure/arrival, date, time) to user-configured Telegram and Slack channels. While this is the intended functionality of the skill, users should be aware that their sensitive login information and reservation data are handled and transmitted by the skill to external services. The Telegram bot token is included in the API request URL, which is standard for Telegram but means it could be exposed if network traffic is not adequately secured (though HTTPS is used). Ensure all external API communications use HTTPS (which `requests` does by default). Advise users to secure their `.env` files and be aware of the data shared with notification services. Consider using more secure methods for token handling if available (e.g., environment variables only, not `.env` files if deployed in a sensitive environment). | LLM | scripts/watch.py:40 |