Trust Assessment
spaces-listener received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include potential command injection via user-controlled arguments to external binaries, unpinned external tool dependencies, and the skill requiring and using a sensitive API key.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 69/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via user-controlled arguments to external binaries. The skill's documentation demonstrates the use of an external `spaces` command, which in turn likely invokes `yt-dlp` and `ffmpeg` with user-provided URLs and file paths. If the `spaces` tool does not properly sanitize these inputs before executing shell commands, a malicious user could inject arbitrary commands. The `SKILL.md` explicitly shows `spaces listen <url>`, `spaces transcribe <file>`, and `spaces summarize <file>`, all of which take user-controlled arguments. The 'Critical: Agent Usage Rules' section also mentions `exec`, confirming shell execution. The underlying `spaces` tool must rigorously sanitize all user-provided inputs (URLs, file paths, etc.) before passing them to `yt-dlp`, `ffmpeg`, or any other shell command. Use parameterized commands or escape inputs thoroughly. The agent environment should also consider sandboxing external command execution. | LLM | SKILL.md:15 |
| MEDIUM | Unpinned external tool dependencies. The skill's requirements section suggests installing `yt-dlp`, `ffmpeg`, and `openai-whisper` using `brew install` without specifying exact versions. This introduces a supply chain risk, as future installations might pull in different versions that could introduce breaking changes, vulnerabilities, or even malicious code if an upstream project is compromised. Pin specific versions for all external dependencies (e.g., `brew install yt-dlp@2023.12.30 ffmpeg@6.1.1`). Implement checksum verification for downloaded binaries where possible. Regularly audit and update dependencies. | LLM | SKILL.md:42 |
| MEDIUM | Broad filesystem write access and external command execution. The skill is designed to download audio, process it with `ffmpeg`, transcribe it, and write output files to user-specific directories (`~/Dropbox/ClawdBox/XSpaces/`) and temporary staging areas (`/tmp/spaces-listener-staging/`). It also requires and executes external binaries like `yt-dlp` and `ffmpeg`. This broad access to the filesystem and ability to execute arbitrary external commands (via the `spaces` wrapper) could be abused if the skill or its inputs are compromised, potentially leading to data manipulation, denial of service, or further system compromise. Implement strict sandboxing for skill execution, limiting filesystem access to only necessary directories and restricting external command execution to a whitelist of approved binaries and arguments. The agent environment should enforce least privilege principles. | LLM | SKILL.md:69 |
| LOW | Skill requires and uses a sensitive API key. The skill requires the `OPENAI_API_KEY` environment variable for summarization functionality. While the documentation itself does not show credential harvesting, the reliance on a sensitive API key by an external, unprovided `spaces` tool introduces a risk. If the `spaces` tool's implementation is compromised or malicious, it could exfiltrate this key. Ensure the `spaces` tool handles the `OPENAI_API_KEY` securely, using environment variables or secure secrets management systems rather than hardcoding or logging. Implement strict access controls and monitoring for any outbound network connections made by the `spaces` tool. The agent environment should provide secure mechanisms for passing credentials to skills. | LLM | SKILL.md:45 |