Trust Assessment
xiaohongshu-extract received a trust score of 61/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Arbitrary File Write via User-Controlled Output Path", and "Server-Side Request Forgery (SSRF) via User-Controlled URL".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Write via User-Controlled Output Path.** The skill allows users to specify an arbitrary file path for output using the `--output` argument. This can lead to path traversal vulnerabilities, enabling an attacker to write or overwrite sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`) with potentially malicious content, leading to privilege escalation or system compromise. Restrict the `--output` argument to a predefined, secure directory (e.g., a temporary directory or a user-specific sandbox). Validate and sanitize file paths to prevent path traversal characters (e.g., `../`). Consider using a file picker or a more controlled mechanism for output if direct file path input is not strictly necessary. | LLM | scripts/xiaohongshu_extract.py |
| HIGH | **Server-Side Request Forgery (SSRF) via User-Controlled URL.** The `fetch_url` function makes an HTTP GET request to a URL provided directly by the user via the `url` argument. This allows an attacker to craft a malicious URL to access internal network resources, bypass firewall rules, or interact with services not intended to be exposed externally. The `allow_redirects=True` setting could exacerbate the issue by following redirects to internal IPs. Implement strict URL validation to ensure only allowed domains and schemes are accessed. Consider using a whitelist of permitted hosts. If internal access is required, ensure proper authentication and authorization are in place for those resources. Disable `allow_redirects` or restrict it to trusted domains. | LLM | scripts/xiaohongshu_extract.py:32 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jovijovi/xiaohongshu-extract/scripts/xiaohongshu_extract.py:9 |
| MEDIUM | **Unpinned Third-Party Dependencies.** The `requests` library is imported and used, but there is no `requirements.txt`, `pyproject.toml`, or similar file provided to pin its version. This lack of version pinning can lead to supply chain risks, as a future update to `requests` or its transitive dependencies could introduce vulnerabilities or breaking changes without explicit review, or an attacker could publish a malicious version with the same name. Create a `requirements.txt` or `pyproject.toml` file and pin all third-party dependencies to specific, known-good versions (e.g., `requests==2.28.1`). Regularly review and update these dependencies to incorporate security patches while maintaining control over the versions used. | LLM | scripts/xiaohongshu_extract.py:10 |