Trust Assessment
korail-manager-final received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 4 critical, 1 high, 5 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Missing required field: name, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Hardcoded Korail Login Credentials: The skill's Python scripts contain hardcoded default Korail login credentials (ID and password). If the environment variables KORAIL_ID and KORAIL_PW are not set, these default credentials will be used. This poses a severe security risk as these credentials could be exposed if the skill package is publicly shared or if an attacker gains access to the skill's code. Remove hardcoded default credentials. Ensure that KORAIL_ID and KORAIL_PW are always loaded from secure environment variables or a secrets management system, without fallback to hardcoded values. | LLM | scripts/cancel.py:7 |
| CRITICAL | Hardcoded Korail Login Credentials: The skill's Python scripts contain hardcoded default Korail login credentials (ID and password). If the environment variables KORAIL_ID and KORAIL_PW are not set, these default credentials will be used. This poses a severe security risk as these credentials could be exposed if the skill package is publicly shared or if an attacker gains access to the skill's code. Remove hardcoded default credentials. Ensure that KORAIL_ID and KORAIL_PW are always loaded from secure environment variables or a secrets management system, without fallback to hardcoded values. | LLM | scripts/search.py:15 |
| CRITICAL | Hardcoded Korail Login Credentials: The skill's Python scripts contain hardcoded default Korail login credentials (ID and password). If the environment variables KORAIL_ID and KORAIL_PW are not set, these default credentials will be used. This poses a severe security risk as these credentials could be exposed if the skill package is publicly shared or if an attacker gains access to the skill's code. Remove hardcoded default credentials. Ensure that KORAIL_ID and KORAIL_PW are always loaded from secure environment variables or a secrets management system, without fallback to hardcoded values. | LLM | scripts/watch.py:29 |
| CRITICAL | Hardcoded Telegram Bot Token and Chat ID: The `scripts/watch.py` file contains a hardcoded Telegram bot token and chat ID. This allows anyone with access to the skill's code to use the bot token to send messages via the Telegram API, potentially impersonating the bot or exfiltrating data to the hardcoded chat. Remove the hardcoded Telegram bot token and chat ID. Ensure these values are loaded from secure environment variables or a secrets management system, without fallback to hardcoded values. | LLM | scripts/watch.py:31 |
| HIGH | Hardcoded AES Encryption Key and IV for Login Data: The `lib/korail2/korail2.py` library uses a hardcoded AES key (`E2C73B5F8A004C8C`) and IV (`E2C73B5F8A004C8C`) to encrypt login data. While this encryption is part of the payload sent to the Korail API, the presence of a hardcoded key means that the encryption provides no confidentiality against an attacker who has access to the code. This makes the encrypted data easily decryptable. Furthermore, the credentials appear to be sent in plaintext in other fields of the same login payload, rendering this encryption redundant and misleading. If the Korail API requires this specific encryption, it indicates a design flaw in the API itself. If possible, avoid using this encryption method if credentials are sent in plaintext elsewhere. If the encryption is critical and the key must be secret, it should be derived securely or loaded from a secure source, not hardcoded. The primary remediation is to secure the credentials before they reach this library. | LLM | lib/korail2/korail2.py:209 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/lonehades/korail-manager-final/lib/korail2/korail2.py:20 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from the frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/lonehades/korail-manager-final/SKILL.md:1 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager-final/lib/korail2/korail2.py:10 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/lonehades/korail-manager-final/scripts/watch.py:5 |
| MEDIUM | Unpinned Python Dependencies: The `dependencies` section in `SKILL.md` specifies Python packages (`requests`, `pycryptodome`) without pinning them to specific versions. This can lead to supply chain vulnerabilities such as dependency confusion, typosquatting, or unexpected breaking changes if a new, potentially malicious, or incompatible version of a dependency is released and automatically installed. Pin all Python dependencies to exact versions (e.g., `requests==2.28.1`, `pycryptodome==3.15.0`). Regularly review and update these pinned versions to incorporate security patches. | LLM | SKILL.md:30 |
Full report: https://skillshield.io/report/6345b478da091f07 (powered by SkillShield)