Security Audit
snyk/agent-scan:tests/skills/skill-creator
github.com/snyk/agent-scan
Trust Assessment
snyk/agent-scan:tests/skills/skill-creator received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Path Traversal in Skill Initialization, and Potential Data Exfiltration via Symlink in Skill Packaging.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 1, 2026 (commit 30a672c5). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remediation: Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | tests/skills/skill-creator/scripts/init_skill.py:66 |
| HIGH | Path Traversal in Skill Initialization: The `init_skill.py` script constructs file paths using user-provided `skill-name` and `path` arguments without sanitizing them for path traversal sequences. An attacker could provide a `skill-name` containing `../` or path separators (`/`) to create files and directories outside the intended skill directory, potentially overwriting or creating files in sensitive locations if the script has sufficient permissions. Remediation: Sanitize the `skill_name` argument to prevent path traversal. Ensure it only contains valid characters for a directory name and does not include path separators (`/`, `\`) or `..` components. For example, use `Path(skill_name).name` to extract only the base name, or validate with a regular expression. | Static | scripts/init_skill.py:30 |
| MEDIUM | Potential Data Exfiltration via Symlink in Skill Packaging: The `package_skill.py` script uses `skill_path.rglob('*')` to collect files for packaging. If the `skill_path` argument is a symbolic link to a sensitive directory (e.g., `/etc`), and the script is executed with permissions to read that directory, it could inadvertently include arbitrary system files in the generated `.skill` archive. While `Path(skill_path).resolve()` canonicalizes the path, it will follow symlinks, making this a potential vector for data exfiltration if an attacker can control the `skill_path` argument or the environment where the script is run. Remediation: Before iterating over files, verify that `skill_path` is not a symbolic link, or explicitly check that `skill_path.resolve()` remains within an allowed base directory. Alternatively, implement stricter validation to ensure `skill_path` points only to a legitimate skill directory and not an arbitrary location. | Static | scripts/package_skill.py:50 |