Trust Assessment
recraft received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Suspicious import: requests", and "Path Traversal via Output Filename".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Path Traversal via Output Filename**: The script directly uses user-provided `args.filename` to construct the output path for saving images. A malicious user could supply a path like `../../../etc/malicious_file.png` to write arbitrary image data (from the API response) to sensitive locations on the filesystem, potentially overwriting critical files or introducing malicious content. Sanitize the `filename` argument to prevent path traversal. Ensure that the filename is a simple base name or restrict the output path to a designated, secure directory. For example, use `Path(output_dir) / Path(args.filename).name` to ensure the file is written only within `output_dir`. | LLM | scripts/recraft.py:70 |
| HIGH | **Path Traversal via Input File Path**: Several functions (`cmd_image_to_image`, `cmd_replace_background`, `cmd_vectorize`, `cmd_remove_background`, `cmd_crisp_upscale`, `cmd_creative_upscale`, `cmd_variate`) directly use user-provided `args.input` to open and read files. A malicious user could supply a path like `../../../etc/passwd` to read arbitrary files from the filesystem, potentially leading to data exfiltration if the content is then processed or sent to an external service. Sanitize the `input` argument to prevent path traversal. Ensure that the input path is restricted to a designated, secure directory or validate that it does not contain directory traversal sequences (e.g., `../`). | LLM | scripts/recraft.py:120 |
| MEDIUM | **Unsafe deserialization / dynamic eval**: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/nkrcrft/recraft/scripts/recraft.py:259 |
| MEDIUM | **Suspicious import: requests**: Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nkrcrft/recraft/scripts/recraft.py:29 |
| LOW | **Unpinned Dependency Version**: The `requests` dependency is specified as `requests>=2.31.0`. While this sets a minimum version, it does not pin to an exact version. This could lead to unexpected behavior or security vulnerabilities if a future minor version introduces breaking changes or new vulnerabilities, even if `requests` is generally a well-maintained library. Pin dependencies to exact versions (e.g., `requests==2.31.0`) to ensure reproducible builds and prevent unexpected changes from upstream packages. Use a lock file mechanism (like `uv.lock` or `pip freeze > requirements.txt`) to manage exact versions. | LLM | scripts/recraft.py:4 |