Trust Assessment
play-music received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 3 medium, and 0 low severity. Key findings include Missing required field: name, Suspicious import: socket, Arbitrary File Permission Modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Permission Modification The `LOCK_FILE` path is configurable via the `MUSIC_LOCK_FILE` environment variable. The script then attempts to set world-writable permissions (`0o666`) on this file using `os.chmod()`. An attacker who can control the `MUSIC_LOCK_FILE` environment variable could specify an arbitrary file path on the system, leading to that file's permissions being changed to world-writable. This could be exploited for privilege escalation or system tampering. Do not allow `LOCK_FILE` to be configurable via an environment variable, or restrict it to a secure, non-user-writable directory. Never set world-writable permissions (`0o666`) on files, especially if the file path can be influenced by untrusted input. Use more restrictive permissions (e.g., `0o600`) if a lock file is necessary. | LLM | music-server.py:30 | |
| HIGH | Data Exfiltration and Excessive Permissions via Configurable Music Directory The `MUSIC_DIR` is configurable via the `MUSIC_DIR` environment variable. This directory is used by the `list_music_files` function to list available songs and by `play_music` to load files. If an attacker can control the `MUSIC_DIR` environment variable, they could set it to a sensitive system directory (e.g., `/etc`, `/root`, `/home/user/.ssh`). This would allow the `list_music_files` command to exfiltrate the names of files in that sensitive directory, and the `play_music` function to attempt to read files from it, potentially accessing data it should not. Restrict `MUSIC_DIR` to a specific, non-sensitive subdirectory within the skill's own installation path. Implement strict validation for the `MUSIC_DIR` path to ensure it remains within an allowed sandbox and does not point to sensitive system locations. Do not allow arbitrary paths via environment variables for directories that are then read from. | LLM | music-server.py:22 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/awspace/play-music/SKILL.md:1 | |
| MEDIUM | Suspicious import: socket Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/awspace/play-music/music-server.py:10 | |
| MEDIUM | Path Traversal Vulnerability in Song Name The `song_name` parameter, which is taken directly from client input, is concatenated with `MUSIC_DIR` to form the `song_path`. While `MUSIC_DIR` itself is a vulnerability (see above), even if `MUSIC_DIR` is secure, `song_name` could contain path traversal sequences (e.g., `../`, `../../etc/passwd`). This could allow an attacker to attempt to load and 'play' (read) arbitrary files outside the intended `MUSIC_DIR`. Although `pygame.mixer.music.load` is designed for audio, attempting to load non-audio files could still reveal their existence or trigger errors that provide information. Sanitize `song_name` to remove any path separators (`/`, `\`) or path traversal sequences (`..`). Ensure `song_name` only contains valid filename characters. Alternatively, resolve the path using `Path.resolve()` and explicitly check if the resolved path is still a child of the `MUSIC_DIR` using `Path.is_relative_to()` or similar secure path validation techniques. | LLM | music-server.py:52 |
Scan History
Embed Code
[](https://skillshield.io/report/f71fc80c6ddc47ed)
Powered by SkillShield