Trust Assessment
tmdb received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include unpinned Python dependencies and execution of unmanaged external scripts with user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Python dependencies.** The `scripts/tmdb.py` file specifies Python dependencies (`httpx`, `click`) without pinning them to specific versions. This can lead to supply chain vulnerabilities if a new version of a dependency introduces a security flaw or breaking change, or if a malicious version is published. It also makes builds non-deterministic. Pin all dependencies to exact versions (e.g., `httpx==0.25.0`, `click==8.1.7`). Consider using a `requirements.txt` or similar lock file for deterministic builds and better dependency management. | LLM | scripts/tmdb.py:4 |
| HIGH | **Execution of unmanaged external scripts with user input.** The `scripts/tmdb.py` skill executes external Python scripts (`plex.py` and `ppl.py`) located at relative paths (`../plex/plex.py`, `../ppl/ppl.py`) using `subprocess.run`. These external scripts are not part of the `tmdb` skill package and their security cannot be guaranteed. User-controlled input (`user_id`, `note_content`) is passed directly as arguments to these external scripts. If a malicious script is placed at these paths, or if the external scripts themselves are vulnerable, this could lead to arbitrary code execution or data exfiltration. While `subprocess.run` is used with a list of arguments (mitigating direct shell injection from arguments), the reliance on unmanaged external code is a significant supply chain risk. (1) Avoid executing external, unmanaged scripts. If integration with other skills is required, use a secure, well-defined inter-skill communication mechanism provided by the agent platform, rather than direct `subprocess.run` calls to relative paths. (2) If direct execution is unavoidable, ensure the external scripts are cryptographically verified or part of the same trusted skill package. (3) Thoroughly sanitize and validate all user-controlled inputs passed to external processes, even when using list arguments, to prevent unexpected behavior or vulnerabilities in the called script. (4) Consider isolating external script execution in a sandboxed environment. | LLM | scripts/tmdb.py:500 |