Trust Assessment
mxe received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 3 high, 1 medium, and 2 low severity. Key findings include Missing required field: name, Node lockfile missing, Potential Data Exfiltration via Clipboard.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Data Exfiltration via Clipboard The skill allows copying content from local files or downloaded web articles directly to the system clipboard using the `-f clipboard` option. If the LLM is prompted to process a sensitive local file or URL and then use this option, the content could be exfiltrated to the host system's clipboard, potentially accessible to other processes or the LLM itself. Restrict the LLM's ability to use the `-f clipboard` option, especially when processing user-controlled or potentially sensitive file paths/URLs. Implement sandboxing or data loss prevention mechanisms to prevent unauthorized data transfer. | LLM | SKILL.md:90 | |
| HIGH | Excessive File System Read Permissions The `mxe` tool can read arbitrary local files specified by the user (e.g., `mxe document.md`). While this is its intended function, it grants broad file system read access. If the LLM is prompted to process sensitive local files (e.g., configuration files, private keys, or other user data) and convert them to an output format (PDF, DOCX, HTML) that can be retrieved, it poses a significant data exfiltration risk. Implement strict file path validation and sandboxing for the `mxe` tool. Limit its access to only explicitly allowed directories or file types. Warn users about processing sensitive local files and ensure the LLM does not inadvertently expose such files. | LLM | SKILL.md:35 | |
| HIGH | Potential Command Injection via Unsanitized Arguments The `mxe` tool is invoked as a shell command. If user-provided input (e.g., filenames, URLs, or other arguments) is directly interpolated into the `mxe` command string without proper sanitization, a malicious user could inject arbitrary shell commands. For example, providing a filename like `my_doc.md; rm -rf /` could lead to unintended command execution if not properly escaped by the LLM before invocation. The LLM should strictly sanitize or validate all user-provided arguments before constructing `mxe` commands. Ensure robust escaping of shell metacharacters to prevent command injection. Consider using a safer API for `mxe` if available, or a dedicated command execution library that handles argument separation securely. | LLM | SKILL.md:35 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/tuanpmt/mxe/SKILL.md:1 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/tuanpmt/mxe/package.json | |
| LOW | Global npm Dependency Installation The skill's documentation instructs users to install `@mermaid-js/mermaid-cli` globally using `npm i -g`. Global installations can lead to version conflicts, make dependency management more complex, and potentially introduce security risks if the global package becomes compromised or conflicts with other tools. This dependency is not declared in the provided `package.json` for the skill itself. Prefer local dependencies where possible to ensure isolated and reproducible environments. If a global tool is strictly necessary, ensure its integrity and consider isolating its execution environment. The skill's `package.json` should ideally declare all its dependencies, even if they are global tools. | LLM | SKILL.md:98 |
Scan History
Embed Code
[](https://skillshield.io/report/3243491e3a28deb1)
Powered by SkillShield