Trust Assessment
whisper-transcribe received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are path traversal via input file paths and `--output-dir`, and an unpinned `openai-whisper` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Path Traversal via input file paths and `--output-dir` | LLM | scripts/transcribe.sh:90 |
| MEDIUM | Unpinned `openai-whisper` dependency | LLM | SKILL.md:40 |

HIGH: Path Traversal via input file paths and `--output-dir`

The `transcribe.sh` script constructs file paths for both input and output based on user-provided arguments (`FILE` and `--output-dir`).

- The `OUTPUT_DIR` variable is used directly in `mkdir -p "$outdir"` and as an argument to the `whisper` command. An attacker can provide a path traversal sequence (e.g., `../../../../tmp/malicious_output`) to write files to arbitrary locations on the filesystem, potentially overwriting sensitive files or exfiltrating data.
- Similarly, if an input `FILE` argument contains path traversal sequences (e.g., `../../../../etc/passwd`), the script will attempt to derive an output directory using `dirname "$file"`, which could also lead to `mkdir -p` creating directories outside the intended scope. While `whisper` might not process non-audio files, the attempt to access arbitrary files and create directories based on malicious paths is a security concern.

Sanitize all user-provided file paths (`FILE` arguments) and the `OUTPUT_DIR` argument to prevent path traversal sequences (e.g., `../`, absolute paths outside a defined root). Ensure that all resolved paths are strictly confined to an allowed base directory (e.g., a temporary directory or a subdirectory within the skill's workspace).

MEDIUM: Unpinned `openai-whisper` dependency

The `SKILL.md` instructs users to install `openai-whisper` via `pip install openai-whisper`, and the `transcribe.sh` script checks for its presence without specifying a version. This leaves the skill vulnerable to supply chain attacks, where a malicious version of the `openai-whisper` package could be published (e.g., if the maintainer account is compromised, or a typosquat package is created) and automatically installed by users, leading to arbitrary code execution or other compromises.

Pin the `openai-whisper` dependency to a specific, known-good version (e.g., `pip install openai-whisper==X.Y.Z`). Consider using a `requirements.txt` file with pinned versions and hash checking.