Trust Assessment
meetgeek received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via meetgeek-cli arguments, Arbitrary file write vulnerability via transcript export, Unpinned `npm` dependency `meetgeek-cli`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via meetgeek-cli arguments The `meetgeek.sh` wrapper script passes all arguments directly to the `meetgeek` executable using `exec meetgeek "$@"`. If the underlying `meetgeek-cli` tool (an external `npm` package) does not properly sanitize or escape user-provided arguments before processing them or passing them to subprocesses, a malicious user could inject arbitrary shell commands. For example, if a meeting ID or search query is not sanitized, an input like `"; rm -rf /"` could lead to arbitrary code execution. Implement robust input validation and sanitization for all user-provided arguments before passing them to `meetgeek-cli`. If `meetgeek-cli` itself is the source of the vulnerability, consider wrapping its calls with a more secure method that explicitly defines and validates each argument, rather than using `"$@"`. | LLM | meetgeek.sh:3 | |
| HIGH | Arbitrary file write vulnerability via transcript export The skill's documentation explicitly shows the `meetgeek transcript <meeting-id> -o <file-path>` command, allowing users to specify an arbitrary output file path. This functionality, combined with the `meetgeek.sh` script passing arguments directly, creates a vulnerability where a malicious user could: 1. Write sensitive meeting transcripts to an attacker-controlled location (e.g., a publicly accessible web directory) for data exfiltration. 2. Overwrite critical system files (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`) if the process has sufficient permissions, potentially leading to privilege escalation or system compromise. Restrict the output file paths to a predefined, secure directory (e.g., a sandboxed temporary directory or a user-specific directory with strict permissions). Do not allow arbitrary file paths from user input. Validate and sanitize the provided path rigorously. | LLM | SKILL.md:44 | |
| MEDIUM | Unpinned `npm` dependency `meetgeek-cli` The skill relies on the `meetgeek-cli` `npm` package, installed globally via `npm install -g meetgeek-cli`. The installation command does not specify a version, meaning it will always install the latest available version. This introduces a supply chain risk: 1. Future updates to `meetgeek-cli` could introduce breaking changes, vulnerabilities, or even malicious code without explicit review by the skill maintainer. 2. If the `meetgeek-cli` package or its upstream dependencies are compromised, the skill would automatically incorporate the malicious code upon installation or update. Pin the version of `meetgeek-cli` to a known good version (e.g., `npm install -g meetgeek-cli@1.2.3`). Regularly review and manually update the pinned version after verifying its integrity and security. | LLM | SKILL.md:13 |
Scan History
Embed Code
[](https://skillshield.io/report/54ab8ef3483361f8)
Powered by SkillShield