Trust Assessment
tts received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Arbitrary File Write via Unsanitized Output Path, Unpinned Dependencies in package.json.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary File Write via Unsanitized Output Path: The skill script `scripts/generate_hume_speech.js` directly uses the `--output` command-line argument in `fs.promises.writeFile()` without proper sanitization or validation. This allows an attacker to specify an arbitrary file path, potentially leading to path traversal (e.g., `../../../etc/passwd`) or overwriting critical system files. If the calling environment interpolates this argument into a shell command without proper escaping, it could also lead to command injection if shell metacharacters are included in the path. Implement strict validation and sanitization for the `--output` argument. Restrict output files to a designated, isolated directory (e.g., a temporary directory or a specific output folder within the skill's sandbox). Ensure the calling environment properly escapes user-provided arguments when constructing shell commands. | LLM | scripts/generate_hume_speech.js:50 |
| CRITICAL | Arbitrary File Write via Unsanitized Output Path: The skill script `scripts/generate_speech.js` directly uses the `--output` command-line argument in `fs.promises.writeFile()` without proper sanitization or validation. This allows an attacker to specify an arbitrary file path, potentially leading to path traversal (e.g., `../../../etc/passwd`) or overwriting critical system files. If the calling environment interpolates this argument into a shell command without proper escaping, it could also lead to command injection if shell metacharacters are included in the path. Implement strict validation and sanitization for the `--output` argument. Restrict output files to a designated, isolated directory (e.g., a temporary directory or a specific output folder within the skill's sandbox). Ensure the calling environment properly escapes user-provided arguments when constructing shell commands. | LLM | scripts/generate_speech.js:30 |
| MEDIUM | Unpinned npm dependency version: Dependency 'openai' is not pinned to an exact version ('^4.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/amstko/tts/scripts/package.json |
| LOW | Unpinned Dependencies in package.json: The `package.json` file uses caret (`^`) ranges for `openai` and `commander` dependencies. This allows for automatic updates to new minor or patch versions, which could inadvertently introduce breaking changes or malicious code if a dependency maintainer's account is compromised. While `package-lock.json` pins versions, the `package.json` still indicates a broader range. Pin dependencies to exact versions (e.g., `"openai": "4.x.x"`) to ensure deterministic builds and prevent unexpected updates. Regularly audit and update dependencies. | LLM | scripts/package.json:6 |