Trust Assessment
story-video received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 8 critical, 7 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings16
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/story-video-skill/scripts/generate_video.py:19 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/story-video-skill/scripts/generate_video.py:77 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/story-video-skill/scripts/generate_video.py:258 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/story-video-skill/scripts/transcribe_audio.py:31 | |
| CRITICAL | Shell Command Injection via Unsanitized Arguments The script directly uses unsanitized command-line arguments ($1, $2, $3, $4) in `ffprobe` and `ffmpeg` commands. If a malicious user provides an argument containing shell metacharacters (e.g., '; rm -rf /'), these characters will be interpreted and executed by the shell, leading to arbitrary command injection. This allows an attacker to execute any command on the system where the script is run. Sanitize all user-provided arguments before using them in shell commands. For filenames, ensure they are properly quoted (e.g., `"$AUDIO"`) and consider using `printf %q` for more robust escaping if the arguments are complex. For Python scripts, use `subprocess.run()` with a list of arguments (e.g., `['ffmpeg', '-i', audio_path]`) instead of `shell=True` or string concatenation. | LLM | scripts/generate_animated_video.sh:10 | |
| CRITICAL | Shell Command Injection via Unsanitized Arguments The script directly uses unsanitized command-line arguments ($1, $2, $3, $4) in `ffprobe` and `ffmpeg` commands. If a malicious user provides an argument containing shell metacharacters (e.g., '; rm -rf /'), these characters will be interpreted and executed by the shell, leading to arbitrary command injection. This allows an attacker to execute any command on the system where the script is run. Sanitize all user-provided arguments before using them in shell commands. For filenames, ensure they are properly quoted (e.g., `"$AUDIO"`) and consider using `printf %q` for more robust escaping if the arguments are complex. For Python scripts, use `subprocess.run()` with a list of arguments (e.g., `['ffmpeg', '-i', audio_path]`) instead of `shell=True` or string concatenation. | LLM | scripts/generate_branded_video.sh:10 | |
| CRITICAL | Shell Command Injection via Unsanitized Arguments The script directly uses unsanitized command-line arguments ($1, $2, $3, $4) in `ffprobe` and `ffmpeg` commands. If a malicious user provides an argument containing shell metacharacters (e.g., '; rm -rf /'), these characters will be interpreted and executed by the shell, leading to arbitrary command injection. This allows an attacker to execute any command on the system where the script is run. Sanitize all user-provided arguments before using them in shell commands. For filenames, ensure they are properly quoted (e.g., `"$AUDIO"`) and consider using `printf %q` for more robust escaping if the arguments are complex. For Python scripts, use `subprocess.run()` with a list of arguments (e.g., `['ffmpeg', '-i', audio_path]`) instead of `shell=True` or string concatenation. | LLM | scripts/generate_final_video.sh:6 | |
| CRITICAL | Shell Command Injection via Unsanitized Arguments The script directly uses unsanitized command-line arguments ($1, $2, $3, $4) in `ffprobe` and `ffmpeg` commands. If a malicious user provides an argument containing shell metacharacters (e.g., '; rm -rf /'), these characters will be interpreted and executed by the shell, leading to arbitrary command injection. This allows an attacker to execute any command on the system where the script is run. Sanitize all user-provided arguments before using them in shell commands. For filenames, ensure they are properly quoted (e.g., `"$AUDIO"`) and consider using `printf %q` for more robust escaping if the arguments are complex. For Python scripts, use `subprocess.run()` with a list of arguments (e.g., `['ffmpeg', '-i', audio_path]`) instead of `shell=True` or string concatenation. | LLM | scripts/generate_video_standalone.sh:6 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function '<module>'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/voice-devotional/story-video-skill/scripts/generate_video.py:19 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function '_compose_video'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/voice-devotional/story-video-skill/scripts/generate_video.py:258 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function '_get_audio_duration'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/voice-devotional/story-video-skill/scripts/generate_video.py:77 | |
| HIGH | Potential data exfiltration: file read + network send Function 'search_images' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/snail3d/voice-devotional/story-video-skill/scripts/search_images.py:120 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'transcribe_with_groq'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/snail3d/voice-devotional/story-video-skill/scripts/transcribe_audio.py:31 | |
| HIGH | Data Exfiltration to Third-Party API (Groq) The `transcribe_with_groq` function sends the user's audio file (`audio_path`) to the Groq Whisper API for transcription. While this is intended functionality, it constitutes sending potentially sensitive user data (audio content) to an external third-party service. This should be explicitly disclosed to the user, and consent obtained, especially if the audio contains personal or confidential information. Clearly inform users that their audio data will be sent to Groq for processing. Provide an option for local transcription (e.g., using a local Whisper model) to avoid sending data externally, as mentioned in the SKILL.md documentation ('Uses Groq Whisper (or local speech-to-text)'). Ensure proper data handling and privacy policies are in place. | LLM | scripts/transcribe_audio.py:20 | |
| HIGH | Data Exfiltration to Third-Party APIs (Unsplash/Pexels) The `search_images` function sends user-provided `search_query` strings (derived from story content) to the Unsplash and Pexels APIs. While this is intended for generating background images, it means potentially sensitive or private aspects of the user's story content are transmitted to external third-party services. This constitutes data exfiltration of user-generated text. Clearly inform users that parts of their story text will be used as search queries and sent to Unsplash/Pexels. Provide options for users to manually specify image paths or review/edit generated search queries before they are sent to external services. Ensure proper data handling and privacy policies are in place. | LLM | scripts/search_images.py:70 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/snail3d/voice-devotional/story-video-skill/scripts/search_images.py:9 |
Scan History
Embed Code
[](https://skillshield.io/report/9e6215e16e249838)
Powered by SkillShield