Trust Assessment
zoom-unofficial-community-skill received a trust score of 26/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 4 high, 2 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Unpinned Python dependencies in setup instructions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send. Function 'get_token' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/tanchunsiong/zoom-unofficial-community-skill/scripts/zoom.py:65 |
| HIGH | Potential data exfiltration: file read + network send. Function 'cmd_recordings_download' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/tanchunsiong/zoom-unofficial-community-skill/scripts/zoom.py:356 |
| HIGH | Potential data exfiltration: file read + network send. Function 'cmd_recordings_download_transcript' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/tanchunsiong/zoom-unofficial-community-skill/scripts/zoom.py:396 |
| HIGH | Arbitrary file write vulnerability via `--output` argument. The `cmd_recordings_download`, `cmd_recordings_download_transcript`, and `cmd_recordings_download_summary` functions in `scripts/zoom.py` allow users to specify an arbitrary output directory via the `--output` command-line argument. An attacker could exploit this by providing an absolute path (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`) or using path traversal sequences (`../`) to write downloaded files to sensitive or critical system locations. This could lead to privilege escalation, denial of service, or data corruption. Sanitize the `--output` argument to restrict file writes to a designated, safe download directory. Prevent the use of absolute paths or path traversal sequences (`../`). For example, resolve the path to ensure it is always a subdirectory of a controlled base directory (e.g., `os.path.abspath(os.path.join(base_download_dir, user_input_path))` and then verify it is still within `base_download_dir`). | LLM | scripts/zoom.py:400 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/tanchunsiong/zoom-unofficial-community-skill/scripts/zoom.py:22 |
| MEDIUM | Zoom API access token cached in insecure temporary file. The `scripts/zoom.py` script caches the Zoom API access token in `/tmp/zoom_token.json`. Files stored in `/tmp` are often world-readable or accessible by other users on a multi-user system, depending on system configuration and umask. This could expose the access token to unauthorized local attackers, allowing them to impersonate the skill or the configured Zoom user. The token also persists until it expires or is manually deleted, increasing the window of vulnerability. Store sensitive tokens in a more secure location with restricted permissions (e.g., a user-specific directory with `0600` permissions). Consider using a secure credential store or ensuring the token is immediately invalidated after use if possible. If a temporary file is necessary, ensure it is created with appropriate permissions (e.g., using `tempfile.NamedTemporaryFile` with `delete=True` and secure modes). | LLM | scripts/zoom.py:24 |
| LOW | Unpinned Python dependencies in setup instructions. The `SKILL.md` documentation recommends installing Python packages (`requests`, `PyJWT`) without specifying exact version pins. This practice can introduce supply chain risks, as future versions of these libraries might contain vulnerabilities, breaking changes, or malicious code. While this is a setup instruction for the user, it directly impacts the security posture of the skill's runtime environment. Pin dependencies to specific, known-good versions (e.g., `requests==2.28.1 PyJWT==2.6.0`) to ensure consistent and secure environments. Consider using a `requirements.txt` file. | LLM | SKILL.md:7 |
Full report: https://skillshield.io/report/a169117128e2b81b (powered by SkillShield)