Trust Assessment
upstash-redis-kv received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Destructive Redis commands executable without internal confirmation".
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Destructive Redis commands executable without internal confirmation | Unknown | scripts/upstash-client.ts:210 |

The `scripts/upstash-client.ts` script allows direct execution of highly destructive Redis commands such as `FLUSHDB` and `FLUSHALL` without any internal confirmation mechanism. While the `SKILL.md` explicitly instructs the agent to ask for user confirmation before executing such commands, the script itself does not enforce this policy. This creates a security gap where an agent could bypass the intended safety measure, either accidentally or maliciously, leading to irreversible data loss if the agent's implementation fails to strictly adhere to the `SKILL.md`'s instructions. Other destructive commands (e.g., `DEL`, `HSET`, `LPOP`, `ZREM`) also lack internal confirmation within the script.

Implement confirmation logic directly within `scripts/upstash-client.ts` for all destructive commands, or ensure the agent's integration strictly enforces the confirmation policy described in `SKILL.md` before invoking the script with such commands. For `FLUSHDB` and `FLUSHALL`, consider adding an explicit `--force` flag to the script, requiring the user to acknowledge the danger before execution, even if the agent is in 'YOLO mode'.