Trust Assessment
social-scheduler received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 3 critical, 1 high, 9 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings13
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Read via User-Controlled Config Path The `scripts/post.js`, `scripts/thread.js`, and `scripts/upload-media.js` scripts directly use a user-provided command-line argument (`config` or `configPath`) as a file path for `fs.readFileSync` or `fs.readFile`. An attacker can specify an arbitrary file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) to read sensitive files from the system. The content of these files would then be processed as JSON or a direct credential string, potentially leading to exfiltration or further exploitation. Implement strict validation for file paths provided by user input. Instead of directly using user input as a file path, consider using a predefined set of allowed configuration files or requiring credentials to be passed via environment variables or a secure secrets management system. If file paths must be user-defined, ensure they are restricted to a safe, non-sensitive directory and that the file content is validated before parsing. | LLM | scripts/post.js:29 | |
| CRITICAL | Arbitrary File Read via User-Controlled Media Path The `scripts/media.js` module's `loadFromFile` function is used by `scripts/upload-media.js` and `scripts/platforms/telegram.js` with a user-controlled `mediaPath` argument. This allows an attacker to specify an arbitrary file path on the system, leading to the reading and potential exfiltration of sensitive files. For example, an attacker could provide `/etc/passwd` as a media file to be 'uploaded'. Restrict media file paths to a designated upload directory. Do not allow arbitrary file paths from user input. Implement robust path sanitization and validation to prevent directory traversal attacks. Consider using a temporary file storage mechanism that cleans up files after processing. | LLM | scripts/media.js:69 | |
| CRITICAL | Server-Side Request Forgery (SSRF) via User-Controlled URLs The `scripts/media.js` module's `loadFromUrl` function is used by `scripts/upload-media.js` and `scripts/platforms/telegram.js` with a user-controlled URL. Additionally, `scripts/platforms/linkedin.js`, `scripts/platforms/moltbook.js`, and `scripts/platforms/reddit.js` directly use user-provided URLs in their API requests. This allows an attacker to force the server to make requests to arbitrary internal or external URLs, potentially leading to information disclosure (e.g., internal network scanning, access to cloud metadata endpoints) or interaction with internal services. Implement strict URL validation and a whitelist of allowed domains for fetching external resources. Prevent requests to private IP ranges, loopback addresses, and non-HTTP/HTTPS schemes. Consider using a dedicated proxy or service for fetching external content to isolate the main application. | LLM | scripts/media.js:80 | |
| HIGH | Excessive Filesystem Permissions The skill demonstrates broad access to the filesystem using `fs` module functions (`readFileSync`, `writeFileSync`, `readFile`, `mkdirSync`, `existsSync`, `createReadStream`, `unlink`). While some operations are for internal queue management, the identified vulnerabilities (arbitrary file read via config and media paths) indicate that the skill can be coerced into performing unauthorized file operations outside its intended scope. This broad access, combined with user-controlled inputs, creates a significant security risk. Implement a strict security policy for filesystem access. Restrict file operations to specific, non-sensitive directories. Use sandboxing or containerization to limit the skill's access to the host filesystem. Ensure all file paths derived from user input are rigorously validated and sanitized to prevent directory traversal and arbitrary file access. | LLM | scripts/queue.js:10 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mrshorrid/social-scheduler/scripts/bulk.js:354 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mrshorrid/social-scheduler/scripts/platforms/telegram.js:34 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mrshorrid/social-scheduler/scripts/platforms/telegram.js:60 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mrshorrid/social-scheduler/scripts/test-analytics.js:129 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mrshorrid/social-scheduler/scripts/test-analytics.js:150 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mrshorrid/social-scheduler/scripts/test-analytics.js:172 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/mrshorrid/social-scheduler/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency '@atproto/api' is not pinned to an exact version ('^0.18.20'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/mrshorrid/social-scheduler/package.json | |
| MEDIUM | Unpinned Dependencies in package.json The `package.json` file uses caret (`^`) ranges for several dependencies (e.g., `@atproto/api`, `form-data`, `twitter-api-v2`). This allows minor or patch versions to be automatically updated, which could inadvertently introduce breaking changes or, in a worst-case scenario, malicious code if a dependency maintainer's account is compromised (typosquatting or supply chain attack). The `node-fetch` dependency is pinned to an older major version (`^2.6.1`) which may have known vulnerabilities or be unmaintained. Pin all dependencies to exact versions to ensure deterministic builds and prevent unexpected changes. Use `npm ci` or `yarn install --frozen-lockfile` in CI/CD pipelines. Regularly audit dependencies for known vulnerabilities using tools like `npm audit` or Snyk. Consider upgrading `node-fetch` to a more recent, actively maintained major version (e.g., v3). | LLM | package.json:40 |
Scan History
Embed Code
[](https://skillshield.io/report/7d0d9a7de075e17e)
Powered by SkillShield