Trust Assessment
upstash-redis-kv received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions: Destructive Redis Commands Exposed.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions: Destructive Redis Commands Exposed The `upstash-client.ts` script allows the execution of highly destructive Redis commands such as `FLUSHDB` and `FLUSHALL`, which can permanently delete all data in the Redis database(s). It also exposes `KEYS <pattern>`, which can enumerate all keys, potentially revealing sensitive data or enabling denial-of-service by overloading the Redis server in production environments. Although the `SKILL.md` instructs the agent to ask for confirmation and exercise 'extra caution' for these commands, the underlying script provides the raw capability. A failure in the agent's confirmation logic, or a successful prompt injection against the agent's reasoning, could lead to irreversible data loss or unauthorized data access without explicit user consent. Consider restricting the set of Redis commands available to the agent, especially highly destructive ones like `FLUSHDB` and `FLUSHALL`. If these commands are absolutely necessary, implement robust, explicit, and multi-factor confirmation mechanisms within the agent's core logic, independent of the skill's instructions. For `KEYS <pattern>`, prefer `SCAN` for production use cases to avoid performance issues and consider limiting the patterns allowed or redacting sensitive key names from output. | Static | scripts/upstash-client.ts:200 |
Scan History
Embed Code
[](https://skillshield.io/report/81b38044eb79b36b)
Powered by SkillShield