Trust Assessment
specstory-yak received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Arbitrary `cwd` for `git blame` can trigger malicious git hooks.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 9454d3f2). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/specstory-yak/scripts/lib/utils.py:25 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_git_author'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/specstory-yak/scripts/lib/utils.py:25 | |
| MEDIUM | Arbitrary `cwd` for `git blame` can trigger malicious git hooks The `get_git_author` function executes `git blame` using `subprocess.run`. The `cwd` for this command is set to `filepath.parent`. If the `filepath` (which can be derived from a user-controlled `--path` argument or the current working directory) points to a file within a malicious git repository, `git blame` might trigger pre-configured git hooks (e.g., `post-checkout`, `pre-commit`) present in that repository, leading to arbitrary code execution. This is a known attack vector for `git` commands run in untrusted repositories. 1. **Sanitize `filepath`**: Ensure that the `filepath` being processed is within a trusted and expected directory structure, or at least warn the user if an untrusted path is provided. 2. **Isolate `git` execution**: If possible, run `git blame` in a more isolated environment or explicitly set `GIT_NO_VERIFY=1` (though this might not prevent all hooks). 3. **Add warning**: Inform users that running the analyzer on untrusted `.specstory/history` directories (especially those within untrusted git repositories) could pose a security risk. 4. **Consider alternative**: If only the author name is needed and not the full git history context, explore if there's a safer way to retrieve this information without running `git blame` in a potentially malicious `cwd`. | LLM | scripts/lib/utils.py:19 |
Scan History
Embed Code
[](https://skillshield.io/report/ef6058ff946d117a)
Powered by SkillShield