Trust Assessment
upstash-redis-kv received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Destructive Redis commands executable without internal confirmation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Destructive Redis commands executable without internal confirmation.** The `scripts/upstash-client.ts` script allows direct execution of highly destructive Redis commands such as `FLUSHDB` and `FLUSHALL` without any internal confirmation mechanism. While the `SKILL.md` explicitly instructs the agent to ask for user confirmation before executing such commands, the script itself does not enforce this policy. This creates a security gap where an agent could bypass the intended safety measure, either accidentally or maliciously, leading to irreversible data loss if the agent's implementation fails to strictly adhere to the `SKILL.md`'s instructions. Other destructive commands (e.g., `DEL`, `HSET`, `LPOP`, `ZREM`) also lack internal confirmation within the script. **Recommendation:** Implement confirmation logic directly within `scripts/upstash-client.ts` for all destructive commands, or ensure the agent's integration strictly enforces the confirmation policy described in `SKILL.md` before invoking the script with such commands. For `FLUSHDB` and `FLUSHALL`, consider adding an explicit `--force` flag to the script, requiring the user to acknowledge the danger before execution, even if the agent is in 'YOLO mode'. | LLM | scripts/upstash-client.ts:210 |