Trust Assessment
sentry-mode-skill received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 22 findings: 11 critical, 1 high, 9 medium, and 0 low severity. Key findings include arbitrary command execution, unsafe deserialization / dynamic eval, and a missing required frontmatter field (name).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (22)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution (Node.js child_process require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-mode.js:16 |
| CRITICAL | Arbitrary command execution (Node.js child_process require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:21 |
| CRITICAL | Arbitrary command execution (Node.js child_process require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch.js:18 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-mode.js:79 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-mode.js:97 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-mode.js:122 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-mode.js:245 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:378 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:537 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch.js:155 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch.js:330 |
| HIGH | Command injection via unsanitized user input in ffmpeg command. The `sentry-mode.js` script constructs an `ffmpeg` command string by directly interpolating `this.duration` into the command. `this.duration` is derived from `options.duration`, which is user-controlled input (e.g., via the `--duration` command-line argument). If `options.duration` contains shell metacharacters (e.g., `;`, `|`, `&`), an attacker could inject and execute arbitrary shell commands on the host system. The code does not validate or sanitize `options.duration` to ensure it is a safe numerical value before use in `execSync`. Recommendation: validate `options.duration` to ensure it is a positive integer before interpolating it into the shell command. A more robust solution is to use `child_process.spawn` with an array of arguments, which prevents shell interpretation of individual arguments. For example: `spawn('ffmpeg', ['-f', 'avfoundation', '-i', '0', '-t', String(this.duration), '-y', videoFile], { stdio: 'pipe' })`. | LLM | scripts/sentry-mode.js:60 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:51 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:69 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:89 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:107 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:125 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:143 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:158 |
| MEDIUM | Unsafe deserialization / dynamic eval (decryption followed by code execution). Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/snail3d/voice-devotional/sentry-mode-skill/scripts/sentry-watch-v2.js:196 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from the frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/snail3d/voice-devotional/sentry-mode-skill/SKILL.md:1 |
| INFO | Data exfiltration to third-party AI service. The skill's core functionality involves capturing webcam video and images from the user's environment and sending them to a third-party AI service (Claude vision API) for analysis. While this is explicitly stated in the `SKILL.md` and is a design choice, it represents a significant flow of potentially sensitive visual data outside the local environment. Users should be fully aware of the privacy implications and the data handling policies of the external AI service. Recommendation: ensure comprehensive and transparent user consent mechanisms are in place, clearly outlining what data is collected, how it is processed, and with whom it is shared. Provide easy access to the privacy policies of all third-party services involved. While the `SKILL.md` addresses this, reinforcing it in the user interface or initial setup is recommended to ensure user awareness. | LLM | SKILL.md:130 |