Trust Assessment
remotion-excalidraw-tts received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 3 critical, 3 high, 4 medium, and 0 low severity. Key findings include unsafe environment variable passthrough, arbitrary command execution, and credential harvesting.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jack4world/remotion-excalidraw-tts/scripts/make_video.py:15 |
| CRITICAL | Arbitrary command execution. Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jack4world/remotion-excalidraw-tts/scripts/make_video.py:24 |
| CRITICAL | Credential harvesting. Reading well-known credential environment variables. Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jack4world/remotion-excalidraw-tts/scripts/make_video.py:76 |
| HIGH | Unsafe environment variable passthrough. Access to well-known credential environment variables. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jack4world/remotion-excalidraw-tts/scripts/make_video.py:76 |
| HIGH | Dangerous call: subprocess.check_call(). Call to 'subprocess.check_call()' detected in function 'run'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/jack4world/remotion-excalidraw-tts/scripts/make_video.py:15 |
| HIGH | Dangerous call: subprocess.check_output(). Call to 'subprocess.check_output()' detected in function 'ffprobe_duration_seconds'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/jack4world/remotion-excalidraw-tts/scripts/make_video.py:24 |
| MEDIUM | Unpinned npm dependency version. Dependency '@excalidraw/excalidraw' is not pinned to an exact version ('^0.18.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/jack4world/remotion-excalidraw-tts/assets/template/remotion-project/package.json |
| MEDIUM | API Keys exposed in command line arguments. The OpenAI and ElevenLabs API keys are passed directly as part of `curl` command line arguments. These arguments can be visible to other processes on the system (e.g., via `ps aux`), potentially leading to credential exposure. It is recommended to pass sensitive information via environment variables or secure methods that do not expose them in the process list. Modify the `curl` commands to pass API keys more securely, for example, by using a Python HTTP client library (like `requests`) or by passing the header via a file descriptor to `curl` to avoid command line exposure. | LLM | scripts/make_video.py:100 |
| MEDIUM | API Keys exposed in command line arguments. The OpenAI and ElevenLabs API keys are passed directly as part of `curl` command line arguments. These arguments can be visible to other processes on the system (e.g., via `ps aux`), potentially leading to credential exposure. It is recommended to pass sensitive information via environment variables or secure methods that do not expose them in the process list. Modify the `curl` commands to pass API keys more securely, for example, by using a Python HTTP client library (like `requests`) or by passing the header via a file descriptor to `curl` to avoid command line exposure. | LLM | scripts/make_video.py:130 |
| MEDIUM | Potential command injection via user-provided output path to `npx remotion render`. The `--out` argument, which is a user-provided path (`args.out`), is passed directly to `npx remotion render`. Although `subprocess.check_call` is used with a list of arguments (mitigating basic shell injection), `npx` or `remotion render` might still interpret special characters within the path as commands or options, leading to unintended execution or file manipulation. Sanitize the `out_mp4` path to ensure it only contains safe characters for a filename, or ensure `remotion render` is robust against such inputs. Consider using a library or function that strictly validates file paths. | LLM | scripts/make_video.py:199 |