Security Audit
ZunbaRan/excalidraw-slides-skills:root
github.com/ZunbaRan/excalidraw-slides-skillsTrust Assessment
ZunbaRan/excalidraw-slides-skills:root received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Direct Shell Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 2, 2026 (commit 55ee4ef9). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct Shell Command Execution The skill explicitly instructs the agent to execute a shell command (`openssl rand -hex 16`) to generate a file ID. This indicates the agent has direct shell access. While the current command is benign, this capability can be exploited for command injection if an attacker can influence the command or its arguments, leading to arbitrary code execution on the host system. Avoid direct shell command execution. If a unique ID is needed, use an internal LLM function or a secure, sandboxed utility provided by the agent's environment (e.g., a Python `uuid` library call if the agent supports Python execution, or a dedicated `generate_uuid` tool). If shell execution is absolutely necessary, ensure all arguments are strictly validated and sanitized, and the command is executed within a highly restricted sandbox. | LLM | SKILL.md:89 |
Scan History
Embed Code
[](https://skillshield.io/report/15292ee6708ae47f)
Powered by SkillShield