Trust Assessment
voice-devotional received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 5 critical, 1 high, 2 medium, and 1 low severity. Key findings include arbitrary command execution (shell commands built by string concatenation), a missing required `name` field in the SKILL.md frontmatter, and an unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100; the four critical command-execution findings in the table below are attributed to that layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution**: matched the "Python dynamic code execution (exec/eval/compile)" rule. The file is JavaScript, so read this as the generic dynamic/shell-execution check rather than a Python-specific one. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/voice-devotional/scripts/generate-full.js:47 |
| CRITICAL | **Arbitrary command execution**: matched the "Python dynamic code execution (exec/eval/compile)" rule. The file is JavaScript, so read this as the generic dynamic/shell-execution check rather than a Python-specific one. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/voice-devotional/scripts/generate-today.js:50 |
| CRITICAL | **Arbitrary command execution**: Node.js `child_process` require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/voice-devotional/scripts/generate-full.js:46 |
| CRITICAL | **Arbitrary command execution**: Node.js `child_process` require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/clawd/skills/voice-devotional/scripts/generate-today.js:49 |
| CRITICAL | **Command Injection via child_process.exec**: `child_process.exec` is called with a shell command built by string concatenation. The `dest` variable in that string is derived from `process.env.HOME` plus a hardcoded filename, so a `HOME` value containing shell metacharacters (double quotes, backticks, semicolons, command substitutions) injects further commands; for example, `HOME=/tmp/foo" && rm -rf / && echo "` causes `rm -rf /` to execute. Remediation: do not pass environment-derived or user-derived values to `exec` through string concatenation. Use `child_process.execFile` or `child_process.spawn` with an argument array, which no shell interprets. If `exec` is unavoidable, shell-escape every variable part of the command with a well-tested library. | LLM | scripts/generate-full.js:49 |
| HIGH | **Path Traversal in File Output**: the skill lets the caller choose the output directory (`--output DIR` CLI option or `OUTPUT_DIR` environment variable) and the filename components (`--theme`, `--passage`, `--topic`), and uses them to build the paths where audio and metadata are written. A malicious `DIR` (e.g. `/etc`) or `../` sequences in `theme`, `passage`, or `topic` write files to arbitrary locations, which can overwrite critical system files, drop malicious files into sensitive directories, or place data where an attacker can read it. Remediation: validate both `outputDir` and the filename components. Confine `outputDir` to a dedicated, non-sensitive directory inside the skill's sandbox, or validate it rigorously against arbitrary paths. For `theme`, `passage`, and `topic`, strip or reject path separators (`/`, `\`) and `..` sequences; a whitelist of allowed filename characters is more robust than a blacklist. | LLM | scripts/voice-devotional.js:100 |
| MEDIUM | **Missing required field: name**: the `name` field is required for claude_code skills but is missing from the frontmatter. Add a `name` field to the SKILL.md frontmatter. | Static | skills/snail3d/clawd/skills/voice-devotional/SKILL.md:1 |
| MEDIUM | **Unpinned npm dependency version**: dependency `dotenv` is not pinned to an exact version (`^16.0.3`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/snail3d/clawd/skills/voice-devotional/package.json |
| LOW | **Node lockfile missing**: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/snail3d/clawd/skills/voice-devotional/package.json |

Note on the critical rows: the first four are pattern matches (the `child_process` require and the `exec` call) from the same two generator scripts, and two of them carry a Python rule label although the files are JavaScript. The fifth row is the LLM layer's description of the `exec` call in `generate-full.js` with a concrete injection path through `HOME`; it is the finding that explains what the pattern matches mean in practice. The two Dependencies findings compound each other: with a caret range and no lockfile, `npm install` resolves `dotenv` to whatever 16.x is current at install time.
Full report: https://skillshield.io/report/a2db8bfea0d753e5
Powered by SkillShield