Trust Assessment
smtp-send received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Suspicious import: urllib.request, Path Traversal in Attachment Handling, Excessive File System Access via Attachments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Path Traversal in Attachment Handling The `scripts/send_email.py` script allows arbitrary file paths to be specified via the `--attachments` command-line argument. The script then attempts to open and read these files without any path sanitization or validation. This allows an attacker to craft a malicious file path (e.g., `../../../../etc/passwd`) to read sensitive files from the system and exfiltrate them via email. This is a severe data exfiltration vulnerability. Implement robust path sanitization and validation for the `--attachments` argument. Restrict attachment paths to a designated safe directory or ensure that paths do not contain directory traversal sequences (e.g., `..`). Consider using `os.path.abspath` combined with `os.path.commonprefix` or `pathlib.Path.resolve()` to ensure paths are within an allowed base directory. | LLM | scripts/send_email.py:100 | |
| HIGH | Excessive File System Access via Attachments The skill grants broad file system read access through the `--attachments` parameter, allowing it to read any file accessible by the user running the script. This capability is not restricted to specific directories or file types, which constitutes excessive permissions and can be abused for data exfiltration, especially when combined with the path traversal vulnerability. Limit the scope of file access for attachments. If possible, restrict attachments to a specific, sandboxed directory. Alternatively, implement strict validation to ensure that only files explicitly intended for attachment (e.g., user-uploaded files in a temporary directory) can be accessed, preventing arbitrary file reads. | LLM | scripts/send_email.py:100 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/xiwan/smtp-send/scripts/send_email.py:39 |
Scan History
Embed Code
[](https://skillshield.io/report/c363ca3b6991812c)
Powered by SkillShield