Trust Assessment
weather-impact-scheduler received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary File Write via Unvalidated Output Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Write via Unvalidated Output Path The `export_analysis` method allows writing an Excel file to an arbitrary `output_path` provided as an argument. This lack of path validation or restriction can lead to various security issues, including overwriting critical system files, filling up disk space (Denial of Service), or writing potentially sensitive data to publicly accessible or attacker-controlled locations, which could facilitate data exfiltration. Restrict the `output_path` to a predefined, sandboxed directory. Implement strict validation to prevent directory traversal (e.g., `../`) and ensure the path is within an allowed scope. If persistent storage is not strictly required, consider returning the data directly or using a temporary file that is automatically cleaned up. | LLM | SKILL.md:160 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/weather-impact-scheduler/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/8553dc403202fb0b)
Powered by SkillShield