Trust Assessment
office-quotes received a trust score of 49/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Suspicious import: urllib.request, Arbitrary File Write via Path Traversal in Output Format.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Node.js `child_process` require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/gumadeiras/office-quotes/scripts/office-quotes.js:11 |
| HIGH | Arbitrary File Write via Path Traversal in Output Format: The `office-quotes.js` script constructs an output file path using a user-controlled argument (`--format`). The `outputFormat` variable, taken directly from `process.argv`, is used to determine the file extension for the screenshot. If `outputFormat` contains path traversal sequences (e.g., `../../malicious.png`), the `toLowerCase()` call does not sanitize these characters. The `replace` method then substitutes the original file extension with the malicious path, allowing the generated image to be written to an arbitrary location on the filesystem. This could lead to data exfiltration (e.g., writing screenshots to web-accessible directories) or denial of service (e.g., overwriting critical system files). Sanitize the `outputFormat` argument to ensure it only contains valid file extensions and does not include any path traversal characters (e.g., `.` or `/`). A whitelist of allowed extensions (e.g., 'png', 'jpg', 'webp', 'svg') should be enforced, and any input not matching these should be rejected or defaulted. For example, validate `ext` against a regex like `^[a-z]+$` before using it in path construction. | LLM | scripts/office-quotes.js:98 |
| MEDIUM | Suspicious import: `urllib.request`. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/gumadeiras/office-quotes/scripts/svg2png.py:5 |
| INFO | Unpinned Dependency Version in Manifest: The `clawdbot` manifest specifies the `office-quotes-cli` npm package without a pinned version. This means that `npm install -g office-quotes-cli` will always install the latest available version. While convenient, this introduces a supply chain risk, as a future malicious update or breaking change to the `office-quotes-cli` package could be automatically installed, potentially compromising the skill or its environment. Best practice is to pin dependencies to specific versions or ranges. Specify a precise version or a version range for the `office-quotes-cli` package in the `clawdbot` manifest (e.g., `"package": "office-quotes-cli@1.2.3"` or `"package": "office-quotes-cli@^1.2.0"`). Regularly review and update pinned dependencies. | LLM | SKILL.md:4 |
Report: https://skillshield.io/report/b7ca1960740bb38b
Powered by SkillShield