Trust Assessment
local-stt received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 4 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/araa47/local-stt/scripts/local-stt.py:158 |
| HIGH | **Dangerous call: subprocess.run()** Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/araa47/local-stt/scripts/local-stt.py:158 |
| HIGH | **Potential data exfiltration: file read + network send** Function 'send_to_matrix' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/araa47/local-stt/scripts/local-stt.py:105 |
| HIGH | **Unpinned Python Dependencies** The skill's Python dependencies are not pinned to specific versions. This introduces a supply chain risk where a malicious update to any of the listed packages (or their transitive dependencies) could be automatically installed and executed. An attacker could publish a backdoored version of a dependency, leading to compromise of the skill and the agent. Pin all Python dependencies to exact versions (e.g., `package==1.2.3`) to ensure deterministic builds and prevent unexpected malicious updates. Regularly review and update these pinned versions. | LLM | scripts/local-stt.py:4 |
| HIGH | **Command Injection via ffmpeg Argument** The `audio_file` argument, which is derived from user-controlled input (`{{MediaPath}}`), is directly passed to `subprocess.run` for `ffmpeg` execution. While `subprocess.run` with a list of arguments generally prevents shell injection, `ffmpeg` itself can be vulnerable to argument injection. If `audio_file` starts with a hyphen (`-`) or contains other special characters, `ffmpeg` might interpret it as an option rather than a literal filename. This could allow an attacker to inject arbitrary `ffmpeg` options, potentially leading to arbitrary file writes, resource exhaustion, information disclosure, or even arbitrary command execution if `ffmpeg` has specific vulnerabilities. Sanitize the `audio_file` path before passing it to `ffmpeg`. A robust solution would be to ensure the path is always treated as a literal filename by `ffmpeg`. This can often be achieved by prepending `./` to relative paths, converting to an absolute path, or using `ffmpeg`'s specific input options that guarantee literal interpretation. For example, ensure the path is properly quoted or escaped for `ffmpeg`'s parsing rules, or use a library that safely wraps `ffmpeg` calls. | LLM | scripts/local-stt.py:138 |
| MEDIUM | **Suspicious import: requests** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/araa47/local-stt/scripts/local-stt.py:68 |