Trust Assessment
olvid-channel received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Cross-skill / cross-tool manipulation, Unpinned npm dependency version, Potential Data Exfiltration via Arbitrary File Send.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Cross-skill / cross-tool manipulation | Pre/post tool-use instruction injection. | Remove cross-tool references from tool descriptions. A tool's description should only document its own behavior, not instruct the agent about other tools. | Manifest | skills/jmartel-olvid/olvid-channel/SKILL.md:49 |
| HIGH | Potential Data Exfiltration via Arbitrary File Send | The `sendMessageOlvid` function in `src/send.ts` accepts `opts.mediaUrls` as an array of file paths and passes them directly to `@olvid/bot-node`'s `messageSendWithAttachmentsFiles` method. If an AI agent skill can be prompted or manipulated to provide arbitrary file paths (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) as `mediaUrls`, it could lead to the exfiltration of sensitive files from the host system. The `sendMedia` function in `src/channel.ts` directly exposes this capability, taking a `mediaUrl` argument that is then used as a file path. | Implement strict validation and sanitization for `mediaUrls` in `src/send.ts` and `src/channel.ts`. Ensure that only files explicitly generated by the agent or previously downloaded by the agent into a secure, sandboxed directory can be sent. Avoid allowing arbitrary file paths from untrusted input. Consider passing file content (e.g., `Buffer`) instead of file paths to the underlying SDK if possible, or ensure the SDK itself has robust path sanitization. | LLM | src/send.ts:40 |
| MEDIUM | Unpinned npm dependency version | Dependency '@olvid/bot-node' is not pinned to an exact version ('^1.5.0'). | Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/jmartel-olvid/olvid-channel/package.json |
| MEDIUM | Potential Path Traversal in Attachment Saving | The `onMessageReceivedHandler` in `src/monitor.ts` saves inbound attachments to `/tmp/olvid-attachments` using `attachment.save(this, "/tmp/olvid-attachments")`. If the filename embedded within the `datatypes.Attachment` object (which originates from untrusted external input) is not properly sanitized by the `@olvid/bot-node` SDK's `save` method, a malicious sender could craft an attachment with a path traversal filename (e.g., `../../../../etc/malicious_file`) to write files to arbitrary locations outside the intended `/tmp` directory. | Verify that the `@olvid/bot-node` SDK's `attachment.save` method performs robust sanitization of filenames to prevent path traversal. If the SDK does not guarantee this, implement explicit filename sanitization before calling `attachment.save`, or provide a fixed, securely generated filename for saving attachments. | LLM | src/monitor.ts:70 |