Trust Assessment
The `screenshots` skill received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include arbitrary code execution via unsanitized user input in the generated Playwright script; user credentials written to a temporary, unencrypted script file; and broad shell command execution capabilities.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary code execution via unsanitized user input in generated Playwright script: The skill generates a Node.js Playwright script (`screenshot-script.mjs`) and executes it using `node screenshot-script.mjs`. Several variables within this script, such as `BASE_URL`, `AUTH.loginUrl`, `AUTH.email`, `AUTH.password`, `SCREENSHOTS[].url`, `SCREENSHOTS[].waitFor`, `SCREENSHOTS[].actions[].click`, `SCREENSHOTS[].actions[].fill.selector`, and `SCREENSHOTS[].actions[].fill.value`, are populated directly from user-provided input without proper sanitization or escaping. An attacker providing specially crafted input (e.g., `"; console.log(process.env); //`) for any of these string variables could inject and execute arbitrary JavaScript code within the Node.js environment where the script runs. This allows for full control over the execution environment, including reading/writing files, exfiltrating environment variables, or performing other malicious actions. All user-provided strings that are interpolated into the generated JavaScript script must be properly escaped to prevent them from breaking out of string literals and injecting arbitrary code. A more robust solution would be to pass user inputs as command-line arguments or environment variables to the script, and parse them securely within the script, rather than embedding them directly as string literals. | LLM | SKILL.md:190 |
| HIGH | User credentials written to temporary, unencrypted script file: The skill explicitly asks the user for sensitive login credentials (email/username and password). These credentials are then directly embedded into the `screenshot-script.mjs` file as plain text string literals. This temporary file is then executed and subsequently deleted. While the file is temporary, its creation on the filesystem with sensitive credentials in plain text poses a risk. If the system crashes, the file is not properly deleted, or if an attacker has temporary access to the filesystem during the execution window, these credentials could be harvested. This also increases the attack surface for the command injection vulnerability, as it makes credentials available for exfiltration if code injection occurs. Avoid writing sensitive credentials directly into temporary script files. If credentials must be passed to a local script, consider using secure methods like environment variables (which should be cleared after use), secure temporary files with restricted permissions, or a dedicated credential management system. Ensure that any temporary files containing credentials are securely deleted immediately after use. | LLM | SKILL.md:197 |
| MEDIUM | Broad shell command execution capabilities: The skill requires and executes multiple shell commands (`npx`, `npm`, `mkdir`, `node`, `rm`, `ls`, `sips`, `file`). While these commands are necessary for the skill's functionality (checking for Playwright, creating directories, running the script, cleaning up, verifying output), the broad capability to execute arbitrary shell commands increases the attack surface. In conjunction with the command injection vulnerability (SS-LLM-003), this capability becomes critical, as an attacker could leverage the injected code to execute arbitrary shell commands beyond what is intended. While some shell execution is inherent to this skill, minimize the scope and number of direct shell calls where possible. Ensure that any arguments passed to shell commands are strictly controlled and properly escaped to prevent shell injection. Prioritize using safer, language-native APIs over shell commands when available and secure. | LLM | SKILL.md:60 |