code-review-security

github.com/hieutrtr/ai1-skills
Verdict: Proceed with caution
0 critical1 high9 medium
C
SCORE 55 / 100
$skillox install code-review-securitySoon
Sign in to followFollowing emails you when a re-scan drops the grade. Opt-out is per-creator on /account/billing.

Why grade C?

score · 55 / 100

The current grade reflects 9 medium findings (6+ MEDs → C).

0 CRIT1 HIGH9 MED0 LOW
To reach a higher grade
  • B
    Reach Btarget score 75

    Resolve 4 of 9 MED (cap is 5).

  • A
    Reach Atarget score 95

    Resolve all 1 HIGH + 7 of 9 MED (cap is 2).

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-pko21a2fxo0n2warniqn8huq · Thu, 28 May 2026 17:47:46 GMT · 3ms

high
Shell-injection vector: Python subprocess with f-string + shell=True candidate
The skill constructs a shell command by interpolating into a string passed to an exec-family function (`Python subprocess with f-string + shell=True candidate`). If the interpolated value comes from agent context or user input, this is direct command injection. Use parameterized APIs (`spawn` with an arg-array, `subprocess.run([...])` without `shell=True`).
rule: shell-injection-templateline: 142CWE-78
140
141# BAD: Command injection
142subprocess.run(f"convert {filename}", shell=True)Python subprocess with f-string + shell=True candidate — use a parameterized API instead
143
144# GOOD: Pass arguments as a list
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 125CWE-78
123**What to look for:**
124- Raw SQL queries with string interpolation
125- `eval()`, `exec()`, `compile()` with user inputspawns a subprocess outside declared capabilities
126- `subprocess` calls with `shell=True`
127- Template injection
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 142CWE-78
140
141# BAD: Command injection
142subprocess.run(f"convert {filename}", shell=True)spawns a subprocess outside declared capabilities
143
144# GOOD: Pass arguments as a list
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 145CWE-78
143
144# GOOD: Pass arguments as a list
145subprocess.run(["convert", filename], shell=False)spawns a subprocess outside declared capabilities
146
147# BAD: Code execution with user input
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 156CWE-78
154**Review checklist:**
155- [ ] No raw SQL with string interpolation (use ORM or parameterized queries)
156- [ ] No `eval()`, `exec()`, or `compile()` with external inputspawns a subprocess outside declared capabilities
157- [ ] No `subprocess.run(..., shell=True)` with dynamic arguments
158- [ ] No `pickle.loads()` on untrusted data
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 157CWE-78
155- [ ] No raw SQL with string interpolation (use ORM or parameterized queries)
156- [ ] No `eval()`, `exec()`, or `compile()` with external input
157- [ ] No `subprocess.run(..., shell=True)` with dynamic argumentsspawns a subprocess outside declared capabilities
158- [ ] No `pickle.loads()` on untrusted data
159- [ ] All user input validated by Pydantic schemas before use
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 312CWE-78
310| `eval(user_input)` | Remote code execution | Remove or use `ast.literal_eval` |
311| `pickle.loads(data)` | Arbitrary code execution | Use JSON or `msgpack` |
312| `subprocess.run(cmd, shell=True)` | Command injection | Pass args as list, `shell=False` |spawns a subprocess outside declared capabilities
313| `yaml.load(data)` | Code execution | Use `yaml.safe_load(data)` |
314| `os.system(cmd)` | Command injection | Use `subprocess.run([...])` |
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 314CWE-78
312| `subprocess.run(cmd, shell=True)` | Command injection | Pass args as list, `shell=False` |
313| `yaml.load(data)` | Code execution | Use `yaml.safe_load(data)` |
314| `os.system(cmd)` | Command injection | Use `subprocess.run([...])` |spawns a subprocess outside declared capabilities
315| Raw SQL strings | SQL injection | Use ORM or parameterized queries |
316| `hashlib.md5(password)` | Weak hashing | Use `bcrypt` via `passlib` |
med
Arbitrary subprocess execution detected
The skill spawns subprocesses. Without a capability manifest declaring this, the skill could execute arbitrary commands.
rule: subprocess-executionline: 403CWE-78
401
402Use `scripts/security-scan.py` to perform AST-based scanning for common vulnerability patterns in Python code. The script scans for:
403- `eval()` / `exec()` / `compile()` callsspawns a subprocess outside declared capabilities
404- `subprocess` with `shell=True`
405- `pickle.loads()` on potentially untrusted data
med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
View latest scan →
skillox.io/c/code-review-security