Trust Assessment
vehicle-tracker received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings: arbitrary file write to the user's home directory via configuration, and unmanaged Python dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary file write to user's home directory via configuration.** The skill allows `photo_base_dir` and `local_excel_dir` to be configured in `config.json`. These paths are then expanded using `os.path.expanduser`, enabling the skill to write Excel files and copied photos to arbitrary locations within the user's home directory. An attacker who can modify `config.json` (e.g., through a compromised skill installation or configuration update) could direct the skill to write to sensitive directories (e.g., `~/.ssh`, `~/Desktop`, `~/.config`), potentially overwriting existing files or placing malicious content. Furthermore, the `shutil.copy2` call copies user-provided `photo_path` files to these configurable destinations, allowing an attacker to exfiltrate arbitrary files from the system by specifying a sensitive source file and a publicly accessible or attacker-controlled destination path within the home directory. **Recommendation:** Restrict `photo_base_dir` and `local_excel_dir` to a dedicated, isolated subdirectory within the skill's own data directory or a clearly defined, non-sensitive user data directory. Do not allow arbitrary paths within `~`. If user-defined paths are absolutely necessary, implement strict validation to ensure they resolve to subdirectories of a safe base path and do not contain path traversal sequences (e.g., `..`). For `shutil.copy2`, consider whether copying arbitrary files from arbitrary locations is truly necessary; if not, restrict source paths. | LLM | tracker.py:40 |
| INFO | **Unmanaged Python dependencies.** The `tracker.py` script imports `openpyxl` and relies on a local `google-workspace` skill without explicit dependency management (e.g., a `requirements.txt` file with pinned versions). While the `openpyxl` import is wrapped in a `try`/`except` block, the absence of a `requirements.txt` makes it harder to ensure consistent and secure environments, potentially leading to unexpected behavior or vulnerabilities if incompatible or malicious versions of dependencies are installed manually. The reliance on a local `google-workspace` skill also introduces a transitive dependency risk, where a vulnerability in `google-workspace` could affect this skill. **Recommendation:** Add a `requirements.txt` file to the skill package, listing all external Python dependencies (e.g., `openpyxl==X.Y.Z`) with pinned versions. For the `google-workspace` skill dependency, consider documenting its required version or ensuring it is managed as part of the skill ecosystem's deployment process. | LLM | tracker.py:10 |
Full report: https://skillshield.io/report/a771def954a7d38d