Trust Assessment
rvt-to-ifc received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Potential Command Injection via External Executable Arguments, Excessive Filesystem and Arbitrary Program Execution Permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted External Executable and PATH-based Lookup The skill critically relies on an external executable, `RVT2IFCconverter.exe`, whose origin, integrity, and security posture are not specified. This introduces a significant supply chain risk, as the security of the skill is dependent on an unverified third-party binary. Furthermore, the default `converter_path` is a bare executable name (`"RVT2IFCconverter.exe"`), which means the operating system's PATH environment variable will be used to locate it. This is a common attack vector where a malicious executable placed earlier in the PATH could be executed instead of the intended program, leading to arbitrary code execution. Provide a fully qualified, absolute path to the trusted `RVT2IFCconverter.exe` to prevent PATH-based lookup vulnerabilities. Ideally, include a mechanism to verify the integrity of the executable (e.g., checksum validation) before execution. Document the source and version of the external executable and ensure it is regularly updated and scanned for vulnerabilities. Consider bundling the trusted executable with the skill package in a secure manner. | LLM | SKILL.md:95 | |
| HIGH | Potential Command Injection via External Executable Arguments The skill executes an external program (`RVT2IFCconverter.exe`) using `subprocess.run`. User-controlled inputs such as `rvt_file`, `output_path`, and components of the `config` string (e.g., `site_placement`) are passed directly as arguments to this external executable. If the external executable does not properly sanitize or escape these arguments, a malicious user could inject arbitrary commands or manipulate the executable's behavior by crafting special characters or flags within the input file paths or configuration values. While `subprocess.run` with a list of arguments is generally safer against shell injection, it does not protect against argument injection vulnerabilities in the target executable itself. Implement robust input validation and sanitization for all user-controlled arguments passed to the external executable. If possible, ensure the external executable itself is designed to safely handle arbitrary input strings. Consider using a wrapper or sandboxing the external process if its argument parsing behavior cannot be fully trusted. | LLM | SKILL.md:105 | |
| HIGH | Excessive Filesystem and Arbitrary Program Execution Permissions The skill has broad access to the local filesystem, including reading arbitrary files (`rvt_file`, `ifc_file`), listing directories and their contents recursively (`folder_path.glob('**/*.rvt')`), and creating directories (`out_dir.mkdir`). More critically, it executes an external program (`RVT2IFCconverter.exe`) whose path (`converter_path`) can be specified by the user. This combination of broad filesystem access and arbitrary program execution capability grants significant power, allowing the skill to potentially read, write, or execute files anywhere on the system, posing a high risk if compromised or misused. Restrict filesystem access to only necessary directories (e.g., a dedicated working directory). Limit the ability to specify arbitrary executable paths; instead, use a known, verified executable path or enforce a whitelist of allowed executables. Implement sandboxing or containerization for the execution environment to isolate the skill's operations and prevent unauthorized system access. | LLM | SKILL.md:95 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/rvt-to-ifc/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/dce144913b1d46f1)
Powered by SkillShield