Trust Assessment
protoss-voice received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 4 critical, 5 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Arbitrary File Write via Path Traversal.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/vemec/protoss-voice/protoss_fx.py:62 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/vemec/protoss-voice/protoss_fx.py:86 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/vemec/protoss-voice/protoss_fx.py:101 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/vemec/protoss-voice/protoss_fx.py:104 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'apply_protoss_effect'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/vemec/protoss-voice/protoss_fx.py:62 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'apply_protoss_effect'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/vemec/protoss-voice/protoss_fx.py:86 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'apply_protoss_effect'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/vemec/protoss-voice/protoss_fx.py:101 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'apply_protoss_effect'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/vemec/protoss-voice/protoss_fx.py:104 | |
| HIGH | Arbitrary File Write via Path Traversal The script constructs the output file path by appending a suffix to the input file path, without sanitizing for directory traversal sequences (`../`). An attacker can provide an `input_file` like `../../../etc/passwd` which would cause the script to attempt to write `../../../etc/passwd_psionic` to the filesystem, potentially overwriting or creating files in sensitive system directories. This grants excessive permissions to the skill, allowing it to write files outside its intended scope. Sanitize the `input_file` path to prevent directory traversal. Before constructing `output_file`, extract only the base filename using `os.path.basename()` and then construct the output path within a controlled directory (e.g., the current working directory or a designated output directory). If the intent is to write to the original input file's directory, robust path validation is required to ensure the target directory is safe and within an allowed scope. Example of a safer construction: ```python input_file = sys.argv[1] safe_base_filename = os.path.basename(input_file) # Prevents path traversal base_name, ext = os.path.splitext(safe_base_filename) output_file = os.path.join(os.getcwd(), f"{base_name}_psionic{ext}") # Writes to current working directory ``` | LLM | protoss_fx.py:127 |
Scan History
Embed Code
[](https://skillshield.io/report/821cd27a61b602af)
Powered by SkillShield