Trust Assessment
slidespeak received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary File Read via `--config` argument, Arbitrary File Upload via positional argument, and Overly broad 'Bash Read Write' permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via `--config` argument.** The `generate-slides` command in `scripts/slidespeak.mjs` uses `fs.readFileSync(args.config, 'utf-8')` where `args.config` is directly controlled by user input. This allows an attacker to specify an arbitrary file path on the system (e.g., `/etc/passwd`, `/app/skills/sensitive_data.json`). The content of this file is then read and included in the JSON body of the API request to `slidespeak.co`, leading to data exfiltration. Implement strict validation for the `args.config` path. Only allow files from a designated, isolated directory, or enforce a whitelist of allowed file extensions and locations. Avoid directly using user-supplied paths for file system operations without sanitization. | LLM | scripts/slidespeak.mjs:149 |
| HIGH | **Arbitrary File Upload via positional argument.** The `upload` command in `scripts/slidespeak.mjs` takes a file path as a positional argument (`args._[0]`). This `filePath` is directly used with `fs.createReadStream` (implied by the context of an 'upload' command and `fs.existsSync` check) to read the file. This allows an attacker to specify an arbitrary file path on the system (e.g., `/etc/shadow`, `/app/skills/another_skill/api_key.txt`). The content of this file is then read and uploaded to the SlideSpeak API, leading to data exfiltration. Implement strict validation for the `filePath`. Only allow files from a designated, isolated directory, or enforce a whitelist of allowed file extensions and locations. Avoid directly using user-supplied paths for file system operations without sanitization. | LLM | scripts/slidespeak.mjs:175 |
| MEDIUM | **Overly broad 'Bash Read Write' permissions.** The skill declares `Bash Read Write` permissions, granting it the ability to execute arbitrary shell commands and read/write any file on the system. While the current script uses file system operations (e.g., `fs.readFileSync`, `fs.createReadStream`, `fs.writeFileSync`), these operations are directly exploitable due to user-controlled paths (as identified in other findings). Even if the script were perfectly secure, granting such broad permissions significantly increases the attack surface, making it vulnerable to future modifications or other unforeseen exploits. Restrict permissions to the absolute minimum required. If file system access is needed, consider more granular permissions (e.g., `Filesystem Read` for specific directories, `Filesystem Write` for temporary directories) rather than blanket `Bash Read Write`. For this skill, if the file operations were properly sandboxed, `Bash Read Write` might not be strictly necessary, or could be scoped down. | LLM | SKILL.md:2 |