Trust Assessment
story-video received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 17 findings: 6 critical, 7 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (17)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/story-video-skill/scripts/generate_video.py:19 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/story-video-skill/scripts/generate_video.py:77 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/story-video-skill/scripts/generate_video.py:258 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawforgod/story-video-skill/scripts/transcribe_audio.py:31 |
| CRITICAL | Command Injection via `cat` in FFmpeg filter: The `scripts/generate_video_standalone.sh` script directly interpolates the content of `$TEXT_FILE` into an `ffmpeg drawtext` filter using command substitution (`$(cat $TEXT_FILE \| tr '\n' ' ')`). A malicious `$TEXT_FILE` containing shell metacharacters or commands (e.g., `'; rm -rf /;'`) could lead to arbitrary command execution on the host system. Avoid direct command substitution of untrusted file content. Instead, read the file content into a variable and pass it as a literal string to the `ffmpeg` filter, ensuring proper escaping or using a safer API that handles untrusted input. For `drawtext`, consider using a temporary file for the text content and referencing it with `textfile=`. | LLM | scripts/generate_video_standalone.sh:30 |
| CRITICAL | Command Injection via `curl` file upload argument: In `scripts/transcribe_audio.py`, the `audio_path` variable, which is derived from user input, is directly used in a `curl` command with the `-F "file=@{audio_path}"` argument. A specially crafted `audio_path` (e.g., `"; rm -rf /; "`) could be interpreted by `curl` or the underlying shell as a command, leading to arbitrary command execution. Even though `subprocess.run` is used with a list (avoiding `shell=True`), `curl` itself can be vulnerable to argument injection when processing filenames with the `@` prefix. Sanitize or strictly validate the `audio_path` to ensure it does not contain any shell metacharacters or `curl` argument injection payloads. Alternatively, use a Python library for HTTP requests that handles file uploads more securely, or pass the file content directly to `curl` via stdin if the API supports it, rather than relying on the `@` prefix with an untrusted filename. | LLM | scripts/transcribe_audio.py:20 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function `<module>`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/story-video-skill/scripts/generate_video.py:19 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function '_compose_video'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/story-video-skill/scripts/generate_video.py:258 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function '_get_audio_duration'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/story-video-skill/scripts/generate_video.py:77 |
| HIGH | Potential data exfiltration: file read + network send. Function 'search_images' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/clawforgod/story-video-skill/scripts/search_images.py:120 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'transcribe_with_groq'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/clawforgod/story-video-skill/scripts/transcribe_audio.py:31 |
| HIGH | Argument Injection in `ffprobe` and `ffmpeg` (Shell Scripts): Multiple shell scripts (`generate_animated_video.sh`, `generate_branded_video.sh`, `generate_final_video.sh`, `generate_video_standalone.sh`) pass the `$AUDIO` variable (a direct script argument from user input) to `ffprobe` and `ffmpeg` commands. While the variable is quoted, a malicious input for `$AUDIO` (e.g., `"-i /dev/null -f raw /dev/zero"`) could be interpreted as additional command-line arguments by `ffprobe` or `ffmpeg`, potentially altering their behavior, causing resource exhaustion, or leading to other unintended effects. Implement strict validation and sanitization of all user-provided file paths before passing them to external commands like `ffprobe` and `ffmpeg`. Ensure paths only contain allowed characters and do not start with hyphens or other characters that could be interpreted as command-line options. Consider using a dedicated library for media processing in Python to avoid direct shell command execution. | LLM | scripts/generate_animated_video.sh:20 |
| HIGH | Argument Injection in `ffprobe` and `ffmpeg` (Python Script): In `scripts/generate_video.py`, the `audio_path` variable (derived from user input) is passed as an argument to `ffprobe` (line 55) and `ffmpeg` (line 149) via `subprocess.run`. Although `subprocess.run` with a list of arguments is generally safer than `shell=True`, a malicious `audio_path` (e.g., containing `"-i /dev/null -f raw /dev/zero"`) could be interpreted as additional command-line arguments by `ffprobe` or `ffmpeg`, potentially altering their behavior or leading to resource exhaustion. Implement strict validation and sanitization of all user-provided file paths before passing them to external commands like `ffprobe` and `ffmpeg`. Ensure paths only contain allowed characters and do not start with hyphens or other characters that could be interpreted as command-line options. Consider using a dedicated Python library for media processing that provides safer abstractions. | LLM | scripts/generate_video.py:55 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/clawforgod/story-video-skill/scripts/search_images.py:9 |
| MEDIUM | Undocumented System Dependency (ImageMagick): The `scripts/generate_branded_video.sh` script utilizes the `convert` command, which is part of the ImageMagick suite. However, ImageMagick is not explicitly listed as a system dependency in the `SKILL.md` documentation. This omission can lead to runtime errors for users who do not have ImageMagick installed, indicating an incomplete or inaccurate dependency declaration. Update the `SKILL.md` documentation to include ImageMagick (`convert`) as a required system dependency. Ensure all external tools used by the skill are clearly documented for users. | LLM | scripts/generate_branded_video.sh:99 |
| LOW | Data Exfiltration via Third-Party Image Search APIs: The `scripts/search_images.py` script sends `search_query` strings, derived from user-provided story text, to external image search APIs (Unsplash, Pexels). While this is expected functionality, if the user's story text contains sensitive or private information, that information could be exfiltrated to these third-party services. Additionally, downloading images from external URLs introduces a general risk of malicious content, although the script does not appear to execute the downloaded images. Inform users that their story content (or parts of it used for image search queries) will be sent to third-party image search providers. Advise users not to include sensitive information in their story text if they are concerned about privacy. Implement a content filter or anonymization step for search queries if privacy is a critical concern. | LLM | scripts/search_images.py:30 |
| INFO | Credential Access from Environment Variables: The skill accesses API keys (`GROQ_API_KEY`, `UNSPLASH_API_KEY`, `PEXELS_API_KEY`) directly from environment variables in `scripts/transcribe_audio.py` and `scripts/search_images.py`. This is a common and generally accepted practice for handling secrets in applications, as it avoids hardcoding credentials. However, it's important for users to be aware that these credentials are being accessed and used, and to ensure their environment variables are secured. No direct remediation is required for this practice itself, as it's a standard way to handle secrets. However, ensure that documentation clearly states which environment variables are required and for what purpose. Advise users on best practices for securing their environment variables. | LLM | scripts/transcribe_audio.py:10 |