Trust Assessment
reve-ai received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. The key findings are arbitrary file read with data exfiltration, and arbitrary file write leading to excessive permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary file read and data exfiltration. The `loadImageBase64` function reads the content of a file specified by the user via the `-i` (input) option. This content is then base64 encoded and sent as part of the request body to the external Reve AI API. An attacker can specify any file path accessible to the `bun` process (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, environment variable files) and have its content read and potentially exfiltrated to the `api.reve.com` endpoint. This poses a severe risk of sensitive data leakage. Restrict file access to a specific, sandboxed directory. Validate input paths to ensure they are within an allowed directory and do not contain path traversal sequences (e.g., `../`). Consider using a temporary file system or a more secure file handling mechanism if direct user file input is necessary. | LLM | scripts/reve.ts:40 |
| CRITICAL | Arbitrary file write leading to excessive permissions. The `saveImage` function writes the generated image data to a file path specified by the user via the `-o` (output) option. This allows an attacker to write arbitrary image data to any location on the filesystem accessible to the `bun` process. This could lead to overwriting critical system files, placing malicious content in sensitive directories, or filling up disk space, potentially causing denial of service or further compromise. Restrict file write access to a specific, sandboxed output directory. Validate output paths to ensure they are within an allowed directory and do not contain path traversal sequences (e.g., `../`). Implement strict file naming conventions or use temporary files to prevent overwriting existing system files. | LLM | scripts/reve.ts:47 |