Trust Assessment
sudoku received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 3 high, 4 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 3/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:181 |
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:211 |
| CRITICAL | Arbitrary command execution | Python dynamic code execution (exec/eval/compile) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:56 |
| CRITICAL | Dangerous call: eval() | Call to 'eval()' detected in function 'fetch_puzzles'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:56 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'generate_puzzle_link'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:181 |
| HIGH | Dangerous call: subprocess.run() | Call to 'subprocess.run()' detected in function 'generate_native_link'. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:211 |
| HIGH | Arbitrary file read via '--file' argument | The `sudoku.py` script allows users to specify an arbitrary file path using the `--file` argument for commands such as `puzzle`, `render`, `reveal`, and `share`. The `load_puzzle` function then attempts to open and parse this file as JSON. An attacker can exploit this to attempt to read any file on the system that the skill's process has read access to (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). Even if the target file is not valid JSON, the attempt to open and read it can confirm its existence and readability, and potentially leak information through error messages. | Implement strict path validation to ensure that the `args.file` path is strictly confined within the designated `PUZZLES_DIR`. For example, check `Path(args.file).resolve().is_relative_to(PUZZLES_DIR.resolve())` before attempting to load the file. | LLM | scripts/sudoku.py:400 |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/odrobnik/sudoku/scripts/encode_native.js:5 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/sudoku/scripts/sudoku.py:39 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/odrobnik/sudoku/scripts/sudoku_fetcher.py:15 |
| MEDIUM | Unsafe parsing of external JavaScript object literals with `ast.literal_eval` | The `parse_preloaded_puzzles` function in `scripts/sudoku.py` fetches HTML content from `sudokuonline.io` (a fixed external source), extracts JavaScript object literals, performs string replacements (e.g., `true` to `True`), and then uses `ast.literal_eval()` to parse these partially transformed strings into Python objects. While `ast.literal_eval` is designed for trusted Python literals, using it on untrusted, externally sourced, and regex-transformed data is risky. A compromised `sudokuonline.io` could potentially craft a malicious string that, after transformation, leads to resource exhaustion (e.g., by creating extremely large or deeply nested data structures) or unexpected data types, causing denial of service or other runtime errors. | Replace `ast.literal_eval` with a more robust and secure method for parsing the JavaScript object literals. A safer approach would be to use a dedicated JSON parser if the input can be guaranteed to be valid JSON, or to manually parse the key-value pairs using regex or a simple state machine to construct a Python dictionary, avoiding direct evaluation of external strings. | LLM | scripts/sudoku.py:200 |