Trust Assessment
note-article-publisher received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Potential Command Injection via CLI Arguments", and "Sensitive Credentials Handled; Risk of Leakage".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via CLI Arguments.** The skill's CLI tool (`dist/cli.js`) is designed to accept user-provided strings for arguments such as `--title`, `--tags`, `--input`, and `--cover-image`. If these arguments are not rigorously sanitized and escaped before being used in internal shell commands (e.g., via `child_process.exec` or `spawn` with `shell: true` in Node.js), an attacker could craft malicious input to inject and execute arbitrary shell commands on the host system. For instance, a specially crafted `--title` argument could break out of the intended command and execute unauthorized code. Ensure that all user-provided arguments (`--input`, `--title`, `--tags`, `--cover-image`) are strictly sanitized and properly escaped before being incorporated into any internal shell commands within `dist/cli.js`. Prefer using `child_process.spawn` with an array of arguments over `child_process.exec` or `shell: true` to prevent shell interpretation of user input. | LLM | SKILL.md:30 |
| HIGH | **Sensitive Credentials Handled; Risk of Leakage.** The skill requires and handles sensitive credentials (`NOTE_SESSION`, `NOTE_EMAIL`, `NOTE_PASSWORD`) which are configured via environment variables. While the `SKILL.md` advises against logging these values, the actual implementation of `dist/cli.js` is not provided to verify adherence to this critical security practice. There is a significant risk that these credentials could be inadvertently logged, displayed in output, or exfiltrated if the skill's code does not strictly enforce secure handling, leading to unauthorized access to the user's note.com account. Implement strict logging and output policies within `dist/cli.js` to ensure that no sensitive credentials (session cookies, email, password) are ever logged, displayed, or transmitted. Access environment variables securely and avoid passing credentials as direct arguments to other processes or functions where they might be exposed. | LLM | SKILL.md:44 |
| HIGH | **Unverified Playwright Navigation Restrictions.** The skill utilizes Playwright for browser automation, a powerful tool that, if misused, can lead to severe security vulnerabilities. The `SKILL.md` explicitly states that 'Playwright navigation must stay on `https://note.com/*` — reject external redirects.' However, the implementation of `dist/cli.js` is not available to verify that this crucial security control is effectively enforced. Without robust URL validation and redirection blocking, the automated browser could be maliciously redirected to arbitrary external websites, potentially leading to phishing attacks, data exfiltration from the user's local environment, or other browser-based exploits. Ensure `dist/cli.js` strictly validates all navigation URLs within the Playwright script. Implement explicit mechanisms to block or warn about any attempts to navigate outside of the `https://note.com/*` domain. This includes preventing redirects and ensuring all resource loads (images, scripts, etc.) originate from trusted domains or are properly sandboxed. | LLM | SKILL.md:53 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sa9saq/note-article-publisher/SKILL.md:1 |
Full report: https://skillshield.io/report/0911e73119e389fa