Trust Assessment
meshy-ai received a trust score of 44/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Suspicious import: urllib.request, Potential data exfiltration: file read + network send, Local file content exfiltration via Meshy API.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send Function 'download' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/sabatesduran/clawdbot-meshyai-skill/scripts/meshy_client.py:110 | |
| HIGH | Local file content exfiltration via Meshy API The `image_to_3d_obj.py` script allows users to specify a local image file path via the `--image` argument. The `file_to_data_uri` function in `meshy_client.py` reads the content of this file, base64 encodes it, and sends it as part of the `image_url` payload to the Meshy API. An attacker could provide a path to any readable file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `../../.env`), leading to its content being exfiltrated to the Meshy service (or an attacker-controlled `MESHY_BASE_URL`). Implement strict validation for the `--image` argument to ensure the path points to a file within an allowed, sandboxed directory (e.g., a temporary upload directory) and is not an arbitrary system path. Alternatively, restrict the skill to only accept image URLs, or implement a secure file upload mechanism that doesn't expose arbitrary file system access. | LLM | scripts/image_to_3d_obj.py:40 | |
| HIGH | Meshy API Key vulnerable to exfiltration via MESHY_BASE_URL override The `meshy_client.py` script retrieves the `MESHY_API_KEY` from environment variables and includes it in the Authorization header for all API requests. The `MESHY_BASE_URL` can also be overridden via an environment variable. If an attacker can control the `MESHY_BASE_URL` environment variable, they can redirect all API calls, including those containing the `MESHY_API_KEY`, to an arbitrary server. This allows an attacker to harvest the `MESHY_API_KEY` by pointing the base URL to their own controlled endpoint. Prevent overriding `MESHY_BASE_URL` with arbitrary values. If custom endpoints are required, implement a whitelist of allowed URLs or ensure that the `MESHY_API_KEY` is only sent to the official Meshy API endpoint. For skills, it's generally safer to hardcode API endpoints or use a secure configuration management system that validates URLs. | LLM | scripts/meshy_client.py:39 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/sabatesduran/clawdbot-meshyai-skill/scripts/meshy_client.py:24 | |
| MEDIUM | Arbitrary output directory allows writing to sensitive locations Both `image_to_3d_obj.py` and `text_to_image.py` scripts accept an `--out-dir` argument, allowing a user to specify any directory on the file system for saving generated assets. While `os.path.join` is used to construct the full path and `os.makedirs(..., exist_ok=True)` creates the directory, an attacker could specify a sensitive system directory (e.g., `/etc/cron.d`, `/var/www/html`) to write files. Although the filenames (`model.obj`, `image_1.png`) are fixed, writing to arbitrary system directories could lead to denial of service, privilege escalation, or other compromises depending on the target system's configuration and permissions. Restrict the `--out-dir` argument to a designated, sandboxed output directory (e.g., a subdirectory within the skill's own workspace or a temporary directory). Do not allow arbitrary paths. Validate and sanitize the input path to prevent directory traversal attacks. | LLM | scripts/image_to_3d_obj.py:79 |
Scan History
Embed Code
[](https://skillshield.io/report/f253acf8b7b5a480)
Powered by SkillShield