Trust Assessment
moments-generator received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Direct Shell Execution with Unsanitized User Input, and Arbitrary File Read via User-Controlled Configuration Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Direct Shell Execution with Unsanitized User Input: The `SKILL.md` explicitly instructs the agent to execute a `node` command (`node /path/to/generate.js <config.json> <output.png>`) where both `<config.json>` and `<output.png>` are user-controlled arguments. This direct shell execution, combined with the arbitrary file read and write vulnerabilities in the `generate.js` script, creates a critical command injection vector. An attacker can craft malicious file paths or potentially inject shell commands if the execution environment allows it, leading to arbitrary code execution or severe data manipulation. Avoid direct shell execution with user-controlled arguments. If shell execution is absolutely necessary, ensure all arguments are rigorously validated, sanitized, and ideally quoted to prevent shell metacharacter injection. Consider using a more secure API or a sandboxed execution environment for the skill. | LLM | SKILL.md:30 |
| HIGH | Arbitrary File Read via User-Controlled Configuration Path: The `generate.js` script directly uses the first command-line argument (`configPath`) in `fs.readFileSync` without validation or sanitization. An attacker can provide a path to any file on the filesystem (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), causing the skill to read its contents. Although `JSON.parse` might fail for non-JSON files, the act of reading the file constitutes a data exfiltration risk. Implement strict validation and sanitization for `configPath`. Restrict file access to a designated, sandboxed directory and prevent path traversal (`..`). | LLM | scripts/generate.js:49 |
| HIGH | Arbitrary File Read via User-Controlled Image Paths: The `config.avatar` and `config.images` fields within the user-provided JSON configuration are used to load image files via `sharp()`. An attacker can specify paths to arbitrary files on the filesystem, leading to the skill attempting to read and process their contents. This poses a data exfiltration risk, as sensitive files could be read. Validate and sanitize all image paths provided in the configuration. Restrict image file access to a designated, sandboxed directory and prevent path traversal (`..`). | LLM | scripts/generate.js:190 |
| HIGH | Arbitrary File Write via User-Controlled Output Path: The `generate.js` script directly uses the second command-line argument (`outputPath`) as the destination for the generated image file via `sharp(...).toFile()`. An attacker can specify an arbitrary path (e.g., `/tmp/malicious.png`, `../../../../etc/malicious_config`) to write a file to any location on the filesystem. This could lead to overwriting critical system files, filling up disk space, or placing malicious content in unexpected locations, constituting a command injection and excessive permissions risk. Implement strict validation and sanitization for `outputPath`. Restrict file writing to a designated, sandboxed output directory and prevent path traversal (`..`). | LLM | scripts/generate.js:250 |
| MEDIUM | Unpinned npm dependency version: Dependency 'pureimage' is not pinned to an exact version ('^0.4.12'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/moments-generator/package.json |