Trust Assessment
voice-note-to-midi received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 3 critical, 1 high, 4 medium, and 2 low severity. Key findings include Persistence / self-modification instructions, Sensitive environment variable access: $HOME, Persistence mechanism: Shell RC file modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/danbennettuk/voice-note-to-midi/setup.sh:113 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/danbennettuk/voice-note-to-midi/setup.sh:114 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/danbennettuk/voice-note-to-midi/setup.sh:115 | |
| HIGH | Execution of untrusted script from skill package The `setup.sh` script, which is part of the untrusted skill package, copies another file (`hum2midi`) from the skill's directory (`$SCRIPT_DIR`) to the installation directory (`$INSTALL_DIR`) and then makes it executable using `chmod +x`. Since all content within the skill package is considered untrusted, this action directly prepares an untrusted script for execution. The content of `hum2midi` is not provided for analysis, but its origin within the untrusted skill package makes its execution a significant security risk, as it could contain arbitrary malicious commands. Do not execute or make executable arbitrary scripts found within the skill package without explicit security review. If `hum2midi` is essential, its source code should be provided and thoroughly reviewed, or it should be fetched from a trusted, verified source with integrity checks (e.g., checksums). | LLM | setup.sh:79 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/danbennettuk/voice-note-to-midi/setup.sh:8 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/danbennettuk/voice-note-to-midi/setup.sh:113 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/danbennettuk/voice-note-to-midi/setup.sh:114 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/danbennettuk/voice-note-to-midi/setup.sh:115 | |
| LOW | Unpinned Python dependencies The `pip install` commands in `setup.sh` for `basic-pitch`, `librosa`, `soundfile`, `mido`, and `music21` do not specify exact versions. This introduces a supply chain risk where future versions of these packages could introduce breaking changes, vulnerabilities, or even malicious code. While the listed packages are legitimate, relying on the latest version without pinning can lead to unexpected behavior or security issues over time. Pin all Python dependencies to exact versions (e.g., `pip install basic-pitch==1.0.0`). It is recommended to use a `requirements.txt` file with pinned versions generated by `pip freeze > requirements.txt` after a successful installation. | LLM | setup.sh:66 | |
| LOW | Persistent PATH modification The `setup.sh` script offers to modify the user's shell configuration file (`.bashrc` or `.zshrc`) to add the installation directory (`$HOME/melody-pipeline`) to the system's PATH environment variable. While common for CLI tools, this grants persistent, easy execution access to any scripts or executables placed within that directory. If the `hum2midi` script (or any other script placed there) were malicious, this modification would facilitate its execution without requiring the full path. Avoid modifying user shell configuration files directly. Instead, instruct the user to manually add the directory to their PATH if desired, or provide a separate, clearly documented script for this specific action. Ensure that only trusted and thoroughly vetted executables are placed in directories added to the PATH. | LLM | setup.sh:93 |
Scan History
Embed Code
[](https://skillshield.io/report/8a07c9751d71414d)
Powered by SkillShield