Trust Assessment
story-video received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 5 critical, 6 high, 2 medium, and 2 low severity. Key findings include arbitrary command execution, a dangerous call to `subprocess.run()`, and a suspicious import of `requests`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (15)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/story-video-skill/scripts/generate_video.py:19 |
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/story-video-skill/scripts/generate_video.py:77 |
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/story-video-skill/scripts/generate_video.py:258 |
| CRITICAL | **Arbitrary command execution**: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/story-video-skill/scripts/transcribe_audio.py:31 |
| CRITICAL | **Command Injection via Text File Content**: The `generate_video_standalone.sh` script uses a command substitution `$(cat $TEXT_FILE \| tr '\n' ' ')` directly within an `ffmpeg` command's `drawtext` filter. If `$TEXT_FILE` (which is user-controlled) contains shell metacharacters or commands, these will be executed by the shell before `ffmpeg` even runs, leading to arbitrary command execution. Avoid using command substitutions with user-controlled input. Instead, pass the text content as a literal string or use a safer method to provide text to `ffmpeg`, such as writing it to a temporary file and referencing that file, or using a Python script with `subprocess.run` and `shell=False` to construct the command arguments safely. | LLM | scripts/generate_video_standalone.sh:29 |
| HIGH | **Dangerous call: subprocess.run()**: Call to `subprocess.run()` detected in function `<module>`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/story-video-skill/scripts/generate_video.py:19 |
| HIGH | **Dangerous call: subprocess.run()**: Call to `subprocess.run()` detected in function `_compose_video`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/story-video-skill/scripts/generate_video.py:258 |
| HIGH | **Dangerous call: subprocess.run()**: Call to `subprocess.run()` detected in function `_get_audio_duration`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/story-video-skill/scripts/generate_video.py:77 |
| HIGH | **Potential data exfiltration: file read + network send**: Function `search_images` reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/clawd/story-video-skill/scripts/search_images.py:120 |
| HIGH | **Dangerous call: subprocess.run()**: Call to `subprocess.run()` detected in function `transcribe_with_groq`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawd/story-video-skill/scripts/transcribe_audio.py:31 |
| HIGH | **Data Exfiltration/Command Injection via curl file upload**: The `transcribe_audio.py` script uses `curl` with `-F "file=@{audio_path}"` to upload an audio file to the Groq API. If `audio_path` is user-controlled and can be manipulated to point to an arbitrary file (e.g., `@/etc/passwd`), `curl` might attempt to upload the content of that file to the external API endpoint, leading to data exfiltration. Additionally, if `audio_path` can be crafted to include `curl` command-line options (e.g., `--output-file`), it could lead to command injection. Sanitize `audio_path` to ensure it is a valid, non-malicious file path. Consider using a dedicated Python library for HTTP requests (like `requests`) which handles file uploads more safely, or explicitly validate the path to prevent special `curl` syntax from being exploited. | LLM | scripts/transcribe_audio.py:19 |
| MEDIUM | **Suspicious import: requests**: Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawd/story-video-skill/scripts/search_images.py:9 |
| MEDIUM | **Command Injection in Shell Scripts via Unquoted Variables**: The shell scripts (`generate_animated_video.sh`, `generate_branded_video.sh`, `generate_final_video.sh`) directly use user-controlled variables such as `$AUDIO`, `$TEXT_FILE`, and `$OUTPUT` in `ffmpeg` commands without robust quoting. While `subprocess.run` in Python handles quoting, direct shell execution of unquoted variables can be vulnerable to command injection if a malicious user provides input containing shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`). Always quote user-controlled variables when using them in shell commands (e.g., `ffmpeg -i "$AUDIO"`). For more complex scenarios, consider using `printf %q` for robust quoting or rewrite the logic in a language like Python that offers safer ways to execute external commands (e.g., `subprocess.run` with a list of arguments and `shell=False`). | LLM | scripts/generate_animated_video.sh:10 |
| LOW | **Unpinned Dependency Installation**: The `generate_video.py` script attempts to install the `Pillow` library using `pip3 install Pillow` if it is missing. This command does not specify a version, which means it will always install the latest available version. This introduces a supply chain risk, as a malicious or vulnerable version of `Pillow` could be installed if published, potentially compromising the system. Pin the dependency to a specific version (e.g., `pip3 install Pillow==X.Y.Z`) or a version range (e.g., `pip3 install 'Pillow>=X.Y,<X.Z'`) to ensure reproducible and secure installations. It is generally better to manage dependencies via a `requirements.txt` file. | LLM | scripts/generate_video.py:13 |
| LOW | **Unpinned Dependency Usage (requests)**: The `search_images.py` script uses the `requests` library without specifying a version. While `requests` is a widely used and generally trusted library, relying on unpinned versions can introduce supply chain risks. If a future version of `requests` contains a vulnerability or breaking change, it could affect the skill's security or functionality. Specify exact versions or version ranges for all dependencies in a `requirements.txt` file. This ensures that the skill runs with known, tested, and secure versions of its dependencies. | LLM | scripts/search_images.py:5 |
Full report: https://skillshield.io/report/88c0b74829242256