Trust Assessment
openrouter-transcribe received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 0 medium, and 1 low severity. Key findings include "Sensitive path access: AI agent config", "Arbitrary File Write via unquoted output path", and "Prompt Injection via user-controlled prompt".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Write via unquoted output path | The script allows the user to specify an output file path (`$out`) using the `--out` option. This path is then directly used in an `echo "$transcript" > $out` command without being properly quoted. An attacker can inject shell metacharacters (e.g., `"; rm -rf /tmp; #"`) into the `$out` variable, leading to arbitrary command execution. Additionally, even without shell injection, an attacker can specify an arbitrary file path (e.g., `/etc/passwd`) to overwrite or create files with the content of the transcription, leading to privilege escalation or denial of service. Always double-quote variables used as file paths in shell commands (e.g., `echo "$transcript" > "$out"`). Additionally, restrict the output file path to a designated, sandboxed directory (e.g., a temporary directory or a user-specific output directory). Do not allow arbitrary file paths. If writing to arbitrary paths is required, implement strict path sanitization and validation, and ensure the script runs with minimal necessary permissions. | LLM | scripts/transcribe.sh:100 |
| HIGH | Sensitive path access: AI agent config | Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/obviyus/openrouter-transcribe/SKILL.md:39 |
| HIGH | Prompt Injection via user-controlled prompt | The script takes a user-provided string via the `--prompt` option and directly inserts it into the `messages` array sent to the OpenRouter API. This allows an attacker to inject malicious instructions into the LLM's prompt, potentially overriding system instructions, extracting sensitive information processed by the LLM, or causing the LLM to generate harmful content. Implement prompt sanitization or use a templating approach that separates user input from system instructions. If the LLM supports it, use dedicated parameters for user input rather than concatenating it directly into the main prompt. Consider adding a "guard rail" LLM to filter potentially malicious prompts. | LLM | scripts/transcribe.sh:69 |
| LOW | Information Disclosure via user-controlled HTTP headers | The script allows users to set `X-Title` and `HTTP-Referer` headers via `--title` and `--referer` options. While these are intended for tracking in OpenRouter, an attacker could potentially inject sensitive information into these headers, which might then be logged or exposed in the OpenRouter dashboard. This is a low severity issue as the user is explicitly providing the data, but it's worth noting that these fields are user-controlled and sent over the network. While the user is providing the data, it's good practice to sanitize or validate inputs for HTTP headers to prevent accidental or malicious injection of unexpected characters or data. For example, restrict the content to alphanumeric characters and a few safe symbols. | LLM | scripts/transcribe.sh:80 |