Trust Assessment
skill-creator received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 4 high, 0 medium, and 1 low severity. Key findings include Path Traversal in `init_skill.py` output directory, Path Traversal in `package_skill.py` skill folder argument, and Path Traversal in `package_skill.py` output directory argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Path Traversal in `init_skill.py` output directory | The `init_skill.py` script takes a `--path` argument for the output directory where the new skill will be created. This argument is not sanitized for path traversal sequences (e.g., `../`). An attacker could specify a path like `../../../etc` to create skill files in arbitrary system directories, potentially overwriting existing files or creating new ones in sensitive locations. | Sanitize the `--path` argument to prevent path traversal. Ensure the resolved path is within an allowed base directory or validate that it does not contain `..` segments that escape the intended root. | Static | scripts/init_skill.py:30 |
| HIGH | Path Traversal in `package_skill.py` skill folder argument | The `package_skill.py` script takes a `<path/to/skill-folder>` argument, which specifies the directory to be packaged. This argument is not sanitized for path traversal sequences (e.g., `../`). An attacker could specify a path like `../../../etc` to package arbitrary system directories and their contents into the `.skill` archive, leading to data exfiltration. | Sanitize the `<path/to/skill-folder>` argument to prevent path traversal. Ensure the resolved path is within an allowed base directory or validate that it does not contain `..` segments that escape the intended root. | Static | scripts/package_skill.py:20 |
| HIGH | Path Traversal in `package_skill.py` output directory argument | The `package_skill.py` script takes an optional `output-directory` argument for where the `.skill` file will be created. This argument is not sanitized for path traversal sequences (e.g., `../`). An attacker could specify a path like `../../../etc` to write the `.skill` file to arbitrary system directories, potentially overwriting existing files or creating new ones in sensitive locations. | Sanitize the `output-directory` argument to prevent path traversal. Ensure the resolved path is within an allowed base directory or validate that it does not contain `..` segments that escape the intended root. | Static | scripts/package_skill.py:20 |
| HIGH | Path Traversal in `quick_validate.py` skill directory argument | The `quick_validate.py` script takes a `<skill_directory>` argument to locate the `SKILL.md` file. This argument is not sanitized for path traversal sequences (e.g., `../`). An attacker could specify a path like `../../../etc` to attempt to read `SKILL.md` from arbitrary system directories, leading to information disclosure if a file named `SKILL.md` exists in a sensitive location. | Sanitize the `<skill_directory>` argument to prevent path traversal. Ensure the resolved path is within an allowed base directory or validate that it does not contain `..` segments that escape the intended root. | Static | scripts/quick_validate.py:19 |
| LOW | Unpinned dependency: `pyyaml` | The `quick_validate.py` script imports `yaml` (typically provided by the `pyyaml` package) without a specified version. This introduces a supply chain risk, as a compromise in a future version of `pyyaml` could affect the security of this validation script. While `yaml.safe_load` is used, which mitigates many direct vulnerabilities, unpinned dependencies remain a general security best-practice concern. | Pin the version of `pyyaml` (and other external dependencies) using a `requirements.txt` file or similar dependency management mechanism. Regularly audit and update pinned dependencies. | Static | scripts/quick_validate.py:9 |