Trust Assessment
otter received a trust score of 21/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 0 critical, 5 high, 2 medium, and 1 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send Function 'main' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/dbhurley/otter/scripts/otter.py:327 | |
| HIGH | Potential data exfiltration: file read + network send Function 'upload' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/dbhurley/otter/scripts/otter.py:141 | |
| HIGH | Direct password handling for unofficial API The skill requires the user's Otter.ai email and password, which are then used directly for authentication with an unofficial Otter.ai API. Storing and transmitting plain-text passwords, especially to an unofficial endpoint, significantly increases the risk of credential compromise. This is explicitly noted in the SKILL.md as 'Uses unofficial Otter.ai API'. Implement OAuth or API token-based authentication if available from Otter.ai. If direct password is the only option, strongly advise users of the risks and recommend using a dedicated app password or a less sensitive account. Avoid storing passwords in environment variables directly. | LLM | scripts/otter.py:29 | |
| HIGH | Arbitrary file upload capability The `upload` command in `scripts/otter.py` allows a user to specify an arbitrary `filepath` which is then opened and uploaded to an S3 bucket. If a malicious actor or a compromised LLM can control the `filepath` argument, they could instruct the skill to read and exfiltrate any file accessible to the agent's execution environment. Restrict the `filepath` argument to a specific, sandboxed directory or a predefined set of allowed file types/locations. Implement strict input validation and sanitization for file paths. Consider requiring explicit user confirmation for uploads of sensitive file types or from non-standard locations. | LLM | scripts/otter.py:149 | |
| HIGH | Reliance on unofficial API for sensitive data The skill explicitly states it uses an "unofficial Otter.ai API" for all interactions, including login with user credentials and handling of potentially sensitive audio and transcript data. This introduces a significant data exfiltration and privacy risk as the security, reliability, and data handling practices of this unofficial endpoint are not guaranteed by Otter.ai and are outside the user's direct control. Strongly advise users of the risks associated with unofficial APIs. Recommend seeking official API support or alternative solutions. Implement clear warnings about data privacy implications. | LLM | SKILL.md:109 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/dbhurley/otter/scripts/otter.py:22 | |
| MEDIUM | Unpinned Python dependency version Dependency 'requests>=2.28.0' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/dbhurley/otter/pyproject.toml | |
| LOW | Unpinned dependencies in pyproject.toml The `pyproject.toml` specifies dependencies (`requests`, `requests-toolbelt`) using minimum version specifiers (`>=`). This means that future installations could pull in newer, potentially unvetted versions of these libraries, which might introduce vulnerabilities, breaking changes, or unexpected behavior. Pin dependencies to exact versions (e.g., `requests==2.28.0`) to ensure deterministic builds and prevent unexpected updates. Regularly review and update dependencies to incorporate security patches. | LLM | pyproject.toml:6 |
Scan History
Embed Code
[](https://skillshield.io/report/bf6f5c03e0b08a8f)
Powered by SkillShield