Trust Assessment
render-stl-png received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Arbitrary file read via STL path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary file read via STL path.** The skill's Python script `scripts/render_stl_png.py` directly uses the user-provided `stl_path` argument in `open(path, "rb")`. An attacker can supply a path like `../../../../etc/passwd` to read arbitrary files on the system. This vulnerability is exposed via the `IN_STL` argument of the `render_stl_png.sh` wrapper script. Sanitize user-provided file paths to ensure they are within an allowed, restricted directory (e.g., using `os.path.abspath` and checking against a base directory, or using a dedicated file system access control mechanism). Do not allow `../` sequences in paths. | LLM | scripts/render_stl_png.py:125 |
| HIGH | **Arbitrary file write via output PNG path.** The skill's Python script `scripts/render_stl_png.py` (within the `render` function) directly uses the user-provided `out_path` argument for `Image.save()`. An attacker can supply a path like `../../../../tmp/malicious.png` (or even `/etc/cron.d/malicious`) to write arbitrary files to the system, potentially leading to data corruption or remote code execution. This vulnerability is exposed via the `OUT_PNG` argument of the `render_stl_png.sh` wrapper script. Sanitize user-provided file paths to ensure they are within an allowed output directory (e.g., using `os.path.abspath` and checking against a base directory). Do not allow `../` sequences in paths. | LLM | scripts/render_stl_png.py:200 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/ajmwagar/render-stl-png/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ajmwagar/render-stl-png/scripts/render_stl_png.sh:14 |
| MEDIUM | **Unpinned dependency in wrapper script.** The `scripts/render_stl_png.sh` wrapper script installs the `pillow` package using `pip install pillow` without specifying a version. This makes the skill vulnerable to supply chain attacks if a malicious version of `pillow` is published to PyPI, as the skill would automatically install the latest (potentially compromised) version. Pin the dependency to a specific, known-good version (e.g., `pip install pillow==X.Y.Z`) or use a `requirements.txt` file with pinned versions and hashes for better supply chain security. | LLM | scripts/render_stl_png.sh:20 |