Trust Assessment
x-voice-match received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 6 critical, 5 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Arbitrary command execution, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gravyxbt/x-voice-match/scripts/generate_post.py:130 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gravyxbt/x-voice-match/scripts/generate_post.py:131 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/gravyxbt/x-voice-match/scripts/analyze_voice.py:22 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/gravyxbt/x-voice-match/scripts/analyze_voice.py:240 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/gravyxbt/x-voice-match/scripts/generate_post.py:24 | |
| CRITICAL | Prompt Injection via Crafted Voice Profile JSON The `build_generation_prompt` function in `generate_post.py` constructs an LLM prompt by directly interpolating values from a `profile.json` file. This `profile.json` can be user-provided via the `--profile` argument. If a malicious user provides a crafted `profile.json` containing prompt injection instructions within fields like `topics`, `signature_phrases`, `sample_tweets`, `tone`, or `style`, these instructions will be embedded directly into the LLM prompt. This could manipulate the LLM's behavior, leading to unintended outputs, data disclosure, or other malicious actions. Implement strict sanitization and validation for all user-controlled data loaded from `profile.json` before it is incorporated into the LLM prompt. This could involve filtering out known prompt injection keywords, limiting the length of fields, or using a more robust templating system that automatically escapes user input. | LLM | scripts/generate_post.py:40 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'fetch_tweets'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/gravyxbt/x-voice-match/scripts/analyze_voice.py:22 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'main'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/gravyxbt/x-voice-match/scripts/analyze_voice.py:240 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'quick_analyze'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/gravyxbt/x-voice-match/scripts/generate_post.py:24 | |
| HIGH | Command Injection via User-Controlled Username The `analyze_voice.py` script, and consequently `generate_post.py` when using the `--account` flag, constructs a `subprocess.run` command using the user-provided `username` argument. If the `username` contains shell metacharacters (e.g., `;`, `|`, `&`), and the `bird.sh` script (which is executed by `subprocess.run`) does not properly quote or sanitize its arguments, this could lead to arbitrary command execution on the host system. This is a common vulnerability pattern when user input is directly passed to shell commands. Sanitize or validate the `username` input to prevent shell metacharacters. Ensure that the `bird.sh` script, if it is a shell script, properly quotes all arguments it receives. If `bird.sh` is a Python script, consider importing and calling its functions directly instead of using `subprocess.run`. | LLM | scripts/analyze_voice.py:20 | |
| HIGH | Execution of Unverified External Shell Script The `analyze_voice.py` script explicitly executes an external shell script located at a fixed path: `/data/workspace/bird.sh`. The contents and capabilities of `bird.sh` are not provided or auditable within this skill package. This grants the skill the ability to execute arbitrary code defined in `bird.sh` within the `/data/workspace` environment. This represents an excessive permission, as the skill's functionality is dependent on an unverified external executable, which could be malicious or vulnerable, leading to arbitrary code execution. Provide the source code for `bird.sh` for security review, or replace its functionality with a Python-native implementation to remove the dependency on an external shell script. If `bird.sh` must be used, ensure its functionality is minimal, strictly controlled, and that it is thoroughly audited for security vulnerabilities. | LLM | scripts/analyze_voice.py:16 |
Scan History
Embed Code
[](https://skillshield.io/report/0564e99088a9cf62)
Powered by SkillShield