Trust Assessment
telegram-voice-group received a trust score of 32/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 0 medium, and 1 low severity. Key findings include arbitrary command execution, a missing Node lockfile, and command injection in a `node -e` call via `$SESSION_KEY` in a bash script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution (Node.js `child_process` require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/sanwecn/telegram-voice-group/index.js:33 |
| CRITICAL | Command Injection in `node -e` call via `$SESSION_KEY` in bash script. The `$SESSION_KEY` variable, which is user-controlled, is directly interpolated into a JavaScript string literal within a `node -e` command in the `send_telegram_voice.js` script. An attacker can inject arbitrary JavaScript code by providing a `SESSION_KEY` that breaks out of the string (e.g., `foo', console.log(process.env); //`). This allows for arbitrary code execution within the Node.js environment, potentially leading to data exfiltration (e.g., environment variables, file contents) or other malicious actions. Avoid constructing shell commands by concatenating user input directly into string literals. Instead, pass arguments as an array to `child_process.spawn` or `child_process.execFile` in a wrapper script, or use a safe method to invoke the Node.js script without direct string interpolation of user input. If `node -e` is strictly necessary, ensure `$SESSION_KEY` is properly JSON-escaped and then shell-escaped. | LLM | send_telegram_voice.js:50 |
| CRITICAL | Command Injection in `edge-tts` call via `voice` or `rate` parameters in `index.js`. The `voice` and `rate` parameters, which can be controlled by the user, are directly interpolated into a shell command executed via `child_process.execAsync` without proper shell escaping. An attacker can inject arbitrary shell commands by crafting these parameters (e.g., `voice="; rm -rf / --"` or `rate="; cat /etc/passwd > /tmp/exfil.txt; #"`). This can lead to arbitrary code execution and data exfiltration. Use a dedicated library for safe command execution or properly escape all user-controlled inputs using a function like `shlex.quote` (Python equivalent) or by passing arguments as an array to `child_process.spawn` or `child_process.execFile`. For Node.js, `child_process.execFile` is generally preferred over `exec` when executing a specific command with arguments. | LLM | index.js:40 |
| HIGH | Command Injection in `edge-tts` call via `$TEXT`, `$VOICE`, or `$RATE` parameters in bash script. The `$TEXT`, `$VOICE`, and `$RATE` variables, which are user-controlled, are directly interpolated into the `edge-tts` shell command in `send_telegram_voice.js`. While double-quoted, these variables are still vulnerable to command substitution (e.g., `$(command)` or `` `command` ``) if the input is not properly sanitized or escaped for the shell. This can lead to arbitrary code execution and data exfiltration. Properly escape all user-controlled inputs using a function like `printf %q` in bash for shell arguments, or avoid direct string concatenation for command execution by using a more robust method that passes arguments as an array. | LLM | send_telegram_voice.js:35 |
| LOW | Node lockfile missing. `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/sanwecn/telegram-voice-group/package.json |