Trust Assessment
specstory-link-trail received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Read via Unrestricted Glob Patterns.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9454d3f2). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Read via Unrestricted Glob Patterns The `parse_webfetch.py` script accepts arbitrary glob patterns as command-line arguments, which are then expanded by `glob.glob()` and read using `open()`. While the skill's primary purpose is to process `.specstory/history` files, the implementation does not restrict the file paths to this directory. An attacker could craft a prompt to the LLM that causes it to execute the script with a malicious glob pattern (e.g., `/etc/passwd`, `~/.ssh/*`, `/*`), leading to the reading and potential exfiltration of sensitive system files or user credentials. The declared `Read` permission is used in an overly broad manner due to the lack of input validation on the file paths, allowing access to any file readable by the agent's execution context. Implement strict validation or sanitization of input file paths/patterns. Instead of directly using `sys.argv` for glob patterns, the skill should either: 1. Hardcode the target directory (e.g., `.specstory/history/`) and only allow filename components or date patterns within that directory. 2. Validate that all resolved file paths are strictly within the expected `.specstory/history` directory using `pathlib.Path.resolve()` and checking for `is_relative_to()` or similar path containment checks. 3. If arbitrary glob patterns are truly intended, this risk should be explicitly documented and the user should be warned about the potential for reading sensitive files. However, for a general skill, restricting scope is safer. | LLM | parse_webfetch.py:60 |
Scan History
Embed Code
[](https://skillshield.io/report/003bc0bfa6fa2466)
Powered by SkillShield