Trust Assessment
voice-devotional received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 4 critical, 1 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/skills/voice-devotional/scripts/generate-full.js:47 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/skills/voice-devotional/scripts/generate-today.js:50 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/skills/voice-devotional/scripts/generate-full.js:46 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/snail3d/voice-devotional/skills/voice-devotional/scripts/generate-today.js:49 | |
| HIGH | Path Traversal via User-Controlled Output Directory and Filename Components The skill allows users to specify an output directory (`--output DIR` in `cli.js`) and uses user-controlled strings (like `theme`, `passage`, `topic`) to construct filenames. These inputs are used in `path.join(this.outputDir, filename)` and `fs.mkdir(this.outputDir, { recursive: true })` without sufficient sanitization. An attacker can provide a malicious `outputDir` (e.g., `/tmp/../../../../etc`) or inject path traversal sequences into filename components (e.g., `--theme '../../../../tmp/malicious'`) to write arbitrary files (audio, JSON metadata) to sensitive locations on the filesystem, potentially overwriting existing files or placing malicious content. Sanitize user-provided `outputDir` to ensure it is always a subdirectory of a safe, designated output path (e.g., `path.resolve('./output', userProvidedDir)`). Additionally, sanitize all user-controlled filename components (like `theme`, `passage`, `topic`) by removing path separators (`/`, `\`) and other special characters before using them to construct file paths. For example, use `string.replace(/[^a-zA-Z0-9-_.]/g, '')`. | LLM | scripts/voice-devotional.js:28 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/snail3d/voice-devotional/skills/voice-devotional/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'dotenv' is not pinned to an exact version ('^16.0.3'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/snail3d/voice-devotional/skills/voice-devotional/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/snail3d/voice-devotional/skills/voice-devotional/package.json | |
| INFO | Potential Data Exfiltration to Third-Party TTS API The skill's core functionality involves sending user-provided or user-derived text content to the ElevenLabs Text-to-Speech API for audio generation. While the skill is designed for spiritual content, the `generateCustom` function (mentioned in SKILL.md) allows arbitrary text input. If users input sensitive or personally identifiable information (PII) into the skill, this data will be transmitted to the ElevenLabs service, which constitutes data exfiltration to a third party. Users should be aware of this data flow and avoid submitting sensitive information. Inform users clearly that any text provided to the skill, especially via custom generation features, will be sent to a third-party TTS provider (ElevenLabs). Advise against submitting sensitive or confidential information. Consider adding input validation or warnings for potentially sensitive content if the skill's scope expands beyond its current spiritual focus. | LLM | scripts/tts-generator.js:20 |
Scan History
Embed Code
[](https://skillshield.io/report/230b81a751d09ec3)
Powered by SkillShield