Trust Assessment
sfsymbol-generator received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. All three are path traversal issues: arbitrary file/directory creation in the shell script, arbitrary file reads in the Node.js script, and arbitrary file creation/overwrite in the Node.js script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Path traversal allows arbitrary file/directory creation in shell script | The `scripts/generate.sh` script constructs directory and file paths using user-provided arguments (`symbol_name`, `assets_dir`) without sanitizing for path traversal sequences (e.g., `../../`). An attacker could provide a malicious `symbol_name` or `assets_dir` (e.g., `../../../../tmp/evil`) to create directories or write files (`.symbolset` directory, `.svg` file, `Contents.json`) to arbitrary locations on the filesystem. This could lead to denial of service, overwriting critical system files, or other system compromise. | Sanitize all user-provided path components (`symbol_name`, `assets_dir`) to prevent path traversal. Ensure that any constructed path remains strictly within the intended base directory. For `symbol_name`, validate it only contains allowed filename characters and does not contain path separators. For `assets_dir`, resolve it to an absolute path and then verify it's a child of a trusted root. | LLM | scripts/generate.sh:12 |
| HIGH | Path traversal allows reading arbitrary files in Node.js script | The `scripts/generate-from-template.js` script uses `fs.readFileSync` to read the source SVG (`svgPath`) and template SVG (`templateSvgPath`). Both `svgPath` and `templateSvgPath` are derived directly from user-provided command-line arguments (`args[1]` and `args[2]`) or an environment variable (`SFSYMBOL_ASSETS_DIR`) without any path sanitization. An attacker could provide a path like `../../../../etc/passwd` to read arbitrary files from the system, leading to data exfiltration. | Sanitize all user-provided file paths (`svgPath`, `templateSvgPath`, `assetsDir`) to prevent path traversal. Use `path.resolve` with a known base directory and then validate that the resolved path is still within the allowed base directory. Alternatively, restrict input to only filenames within a specific, controlled directory. | LLM | scripts/generate-from-template.js:39 |
| HIGH | Path traversal allows arbitrary file creation/overwrite in Node.js script | Based on the skill description ("Creates `<symbol-name>.symbolset` inside the asset catalog Symbols folder. Writes a matching `Contents.json`"), the `scripts/generate-from-template.js` script will eventually write files using paths constructed from `assetsDir` and `symbolName`. Both `assetsDir` (from `args[3]` or `SFSYMBOL_ASSETS_DIR`) and `symbolName` (from `args[0]`) are user-controlled and not sanitized for path traversal sequences (e.g., `../../`). An attacker could provide a malicious `symbolName` or `assetsDir` to create or overwrite arbitrary files on the system, potentially leading to denial of service, privilege escalation, or other system compromise. | Sanitize all user-provided path components (`symbolName`, `assetsDir`) to prevent path traversal. Ensure that any constructed path remains strictly within the intended base directory. Use `path.join` and `path.resolve` carefully, followed by validation that the final path is a child of a trusted root directory. | LLM | scripts/generate-from-template.js:10 |