Security Audit

slack-gif-creator

github.com/sickn33/antigravity-awesome-skills

Partial VerificationCommit 9f5351e844df

27

CRITICAL

Scanned about 1 month ago

0

Critical

Immediate action required

3

High

Priority fixes suggested

4

Medium

Best practices review

0

Low

Acknowledged / Tracked

Trust Assessment

This report is partially verified. Deterministic layers ran, but LLM behavioral analysis (L4) was not executed for this scan.

The current score of 27/100 is provisional and may change after a full L4 verification run.

Last analyzed on February 20, 2026 (commit 9f5351e8). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

55%

Static Code Analysis

100%

Dependency Graph

72%

LLM Behavioral SafetyNot run

—

Behavioral Risk Signals

Shell Execution

3 findings

Dynamic Code

3 findings

Security Findings7

Severity	Finding	Layer	Location
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/slack-gif-creator/core/easing.py:5
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/slack-gif-creator/core/frame_composer.py:5
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/slack-gif-creator/core/gif_builder.py:5
MEDIUM	Unpinned Python dependency version Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/slack-gif-creator/requirements.txt:1
MEDIUM	Unpinned Python dependency version Requirement 'imageio>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/slack-gif-creator/requirements.txt:2
MEDIUM	Unpinned Python dependency version Requirement 'imageio-ffmpeg>=0.4.9' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/slack-gif-creator/requirements.txt:3
MEDIUM	Unpinned Python dependency version Requirement 'numpy>=1.24.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/slack-gif-creator/requirements.txt:4

Scan History