Trust Assessment
obekt-security received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 5 critical, 1 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Python file could not be statically analyzed, Configurable Webhook for Data Exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/obekt/obekt-security/scripts/skill_audit.py:30 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/obekt/obekt-security/scripts/threat_scan.py:32 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/obekt/obekt-security/scripts/skill_audit.py:28 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/obekt/obekt-security/scripts/threat_scan.py:30 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/obekt/obekt-security/scripts/threat_scan.py:31 | |
| HIGH | Configurable Webhook for Data Exfiltration The `monitor.py` script is designed to send security alerts, including scan results, to a configurable webhook URL. While the actual HTTP request is currently a `TODO` (placeholder), the `alert_config` structure explicitly supports a `webhook_url`. If the `monitor.json` configuration file or the `--config` argument can be influenced by untrusted input, an attacker could set a malicious `webhook_url` to exfiltrate sensitive scan findings (threats, secrets) to an external server. Ensure that the `monitor.json` configuration file and any command-line arguments providing configuration are loaded from trusted sources only. Implement robust validation and sanitization for the `webhook_url` to prevent arbitrary data exfiltration. Consider whitelisting allowed webhook endpoints or requiring explicit user confirmation for new endpoints. Complete the webhook implementation with secure practices (e.g., HTTPS, authentication). | LLM | scripts/monitor.py:139 | |
| MEDIUM | Python file could not be statically analyzed SyntaxError: invalid syntax (line 23) | Static | skills/obekt/obekt-security/scripts/monitor.py:23 | |
| MEDIUM | Unpinned External Dependency The `monitor.py` script relies on the `watchdog` library, as indicated by the `pip install watchdog` instruction in `SKILL.md`. However, the dependency is not pinned to a specific version in a `requirements.txt` or similar file. This introduces a supply chain risk, as a future malicious update to the `watchdog` package could be automatically installed, compromising the skill's integrity. Pin all external dependencies to specific versions (e.g., `watchdog==0.10.3`) in a `requirements.txt` file. Use a dependency management tool that enforces version pinning and integrity checks. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/ee073d5575715371)
Powered by SkillShield