Trust Assessment
walkie-talkie received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Command Injection via TTS tool and Potential Command Injection via transcription script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via TTS tool: The skill's workflow involves generating speech using `bin/sherpa-onnx-tts`. The example provided, `bin/sherpa-onnx-tts /tmp/reply.ogg "Tu mensaje aquí"`, indicates that user-derived text (the LLM's response) is directly passed as an argument to a shell command. If this text contains shell metacharacters (e.g., backticks, semicolons, pipes, `$(...)`), an attacker could inject arbitrary commands, leading to remote code execution on the host system. Ensure that all user-controlled input passed to external shell commands, such as `bin/sherpa-onnx-tts`, is rigorously sanitized and properly escaped. Prefer using safe execution methods that pass arguments as a list (e.g., `subprocess.run(['bin/sherpa-onnx-tts', '/tmp/reply.ogg', user_text])` in Python) rather than constructing a single command string, to prevent shell interpretation of arguments. | LLM | SKILL.md:30 |
| MEDIUM | Potential Command Injection via transcription script: The skill uses `tools/transcribe_voice.sh` to process incoming audio files from the user. As this is a shell script processing untrusted user-provided input (the audio file), there is a risk of command injection. If the script uses the filename or any metadata extracted from the audio in subsequent shell commands without proper sanitization, or if the script itself is vulnerable to injection, an attacker could execute arbitrary commands. The exact exploit path depends on the internal implementation of `transcribe_voice.sh`, which is not provided. Review the `tools/transcribe_voice.sh` script to ensure all inputs, especially the path to the user's audio file and any extracted metadata, are thoroughly sanitized and escaped before being used in any shell commands. Implement robust input validation and prefer safe command execution methods that avoid shell interpretation of arguments. | LLM | SKILL.md:10 |