Trust Assessment
xiao-fan-ka received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Unpinned third-party dependency `duckduckgo_search`, Network requests routed through user-defined proxy, Skill writes to its own data directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned third-party dependency `duckduckgo_search`: The skill uses the `duckduckgo_search` library without specifying a version constraint. This makes the skill vulnerable to supply chain attacks, where a malicious update to the library could be automatically installed, potentially leading to arbitrary code execution or data exfiltration. It is a best practice to pin dependencies to specific, known-good versions. Pin the `duckduckgo_search` dependency to a specific, known-good version in a `requirements.txt` file or similar dependency management system (e.g., `duckduckgo_search==X.Y.Z`). | LLM | scripts/search.py:23 |
| HIGH | Unpinned third-party dependency `duckduckgo_search`: The skill uses the `duckduckgo_search` library without specifying a version constraint. This makes the skill vulnerable to supply chain attacks, where a malicious update to the library could be automatically installed, potentially leading to arbitrary code execution or data exfiltration. It is a best practice to pin dependencies to specific, known-good versions. Pin the `duckduckgo_search` dependency to a specific, known-good version in a `requirements.txt` file or similar dependency management system (e.g., `duckduckgo_search==X.Y.Z`). | LLM | scripts/search_xhs.py:23 |
| MEDIUM | Network requests routed through user-defined proxy: The skill reads the `DDGS_PROXY` environment variable and uses it to route all DuckDuckGo search requests. If an untrusted or malicious proxy server is configured by the user (or an attacker), it could intercept all search queries and their responses, potentially leading to information disclosure. While search queries are often public, this mechanism introduces a vector for potential data interception. Advise users to only use trusted proxy servers. If the skill were to handle more sensitive data, additional warnings or confirmation steps would be recommended. | LLM | scripts/search.py:14 |
| MEDIUM | Network requests routed through user-defined proxy: The skill reads the `DDGS_PROXY` environment variable and uses it to route all DuckDuckGo search requests. If an untrusted or malicious proxy server is configured by the user (or an attacker), it could intercept all search queries and their responses, potentially leading to information disclosure. While search queries are often public, this mechanism introduces a vector for potential data interception. Advise users to only use trusted proxy servers. If the skill were to handle more sensitive data, additional warnings or confirmation steps would be recommended. | LLM | scripts/search_xhs.py:14 |
| INFO | Skill writes to its own data directory: The skill creates and writes JSON profile data (`taste-profile.json`) within its own `data` subdirectory (`skills/oakcoderx/xiao-fan-ka/data`). This grants the skill write access to its local storage. While this is necessary for its functionality (managing user preferences), it's a permission that could be exploited if combined with a command injection vulnerability (though none are directly identified here). The scope is limited to the skill's own directory, which is a reasonable confinement. Ensure that all inputs leading to file write operations are thoroughly sanitized and validated to prevent path traversal or malicious content injection. In this case, JSON serialization helps mitigate some risks, but general input validation is always recommended. | LLM | scripts/onboard.py:17 |