Trust Assessment
larksuite-wiki received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Suspicious import: requests, Arbitrary File Write via output_dir parameter, Hardcoded default API credentials.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Write via output_dir parameter The skill allows writing files to an arbitrary location on the host system. The `output_dir` argument, taken directly from user input (or LLM instruction), is used to construct file paths without sufficient validation or restriction. An attacker could specify a path outside the intended skill directory (e.g., `/etc/`, `../../sensitive_data/`), potentially overwriting system files, writing to sensitive locations, or exfiltrating data by writing it to an accessible public directory. Restrict the `output_dir` to a designated, sandboxed directory (e.g., a subdirectory within the skill's workspace). Validate the `output_dir` to ensure it does not contain path traversal sequences (`../`) or absolute paths outside the allowed scope. Consider using a dedicated output directory that is managed by the agent framework and is not directly controllable by arbitrary user input. | LLM | larksuite-wiki.py:400 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ryanhong666/larksuite-wiki/larksuite-wiki.py:9 | |
| MEDIUM | Hardcoded default API credentials The `LarkWikiClient` class initializes `app_id` and `app_secret` with hardcoded default values if environment variables `LARK_APP_ID` and `LARK_APP_SECRET` are not set. While the manifest indicates these should be provided via environment variables, the fallback to hardcoded values is a security risk. If these hardcoded values are valid, they represent a credential leak. Even if they are dummy values, it is poor practice as it prevents the skill from failing gracefully when required credentials are not provided, potentially leading to confusion or unexpected behavior. Remove the hardcoded default values. Instead, if `os.getenv` returns `None`, raise an error explicitly stating that `LARK_APP_ID` and `LARK_APP_SECRET` environment variables are required. This forces the user to provide their own credentials and prevents the use of potentially shared or insecure defaults. | LLM | larksuite-wiki.py:20 |
Scan History
Embed Code
[](https://skillshield.io/report/4bf5619b041dfcb0)
Powered by SkillShield