Trust Assessment
alexa-remote received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Alexa Refresh Token Exposure, Untrusted Input Passed to External Shell Script, Unpinned External Dependencies (Supply Chain Risk).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Alexa Refresh Token Exposure The skill instructs users to store a sensitive `REFRESH_TOKEN` directly in a shell script (`alexa-alarm.sh` example in SKILL.md) or requires it as an environment variable (`scripts/alexa-cmd.sh`). Hardcoding credentials in scripts is a significant security risk as it can lead to accidental exposure (e.g., via version control) or compromise if the script or environment is accessed by unauthorized parties. Environment variables, while better than hardcoding, are still accessible by child processes and potentially other processes on the same system, making them vulnerable to exfiltration. Advise users to store the `REFRESH_TOKEN` in a secure secrets management system (e.g., AWS Secrets Manager, HashiCorp Vault, or a local `.env` file managed by a tool that doesn't expose it to the shell environment directly) and retrieve it at runtime, rather than hardcoding or relying solely on environment variables. If environment variables are used, ensure the execution environment is tightly controlled and isolated. | LLM | SKILL.md:27 | |
| HIGH | Untrusted Input Passed to External Shell Script The `scripts/alexa-cmd.sh` script takes user-provided input (`$COMMAND`) and directly interpolates it into a string passed as an argument to an external shell script (`alexa_remote_control.sh`). If `alexa_remote_control.sh` does not properly sanitize or escape this input before using it in an `eval` context, `bash -c`, or other shell execution contexts, a malicious user could inject arbitrary shell commands. For example, a command like `"Set an alarm for 6:30 am; rm -rf /"` could lead to data loss if not handled correctly by the underlying script. The `alexa_remote_control.sh` script should be reviewed for command injection vulnerabilities. If it's vulnerable, the `alexa-cmd.sh` script should sanitize or escape the `$COMMAND` input before passing it. A safer approach might be to pass the command via standard input or a temporary file if the external script supports it, or to ensure the external script explicitly uses `printf %q` or similar for arguments that might be executed. | LLM | scripts/alexa-cmd.sh:17 | |
| MEDIUM | Unpinned External Dependencies (Supply Chain Risk) The skill relies on external dependencies (`alexa-remote-control` and `alexa-cookie-cli`) without pinning specific versions. Cloning a Git repository without specifying a commit hash or tag (`git clone https://github.com/adn77/alexa-remote-control.git`) means that future installations could fetch a different, potentially malicious, version if the upstream repository is compromised. Similarly, `npx alexa-cookie-cli` by default fetches and executes the latest version of a package, introducing a significant supply chain risk as a malicious update could lead to arbitrary code execution during the setup phase. For `alexa-remote-control`, pin the dependency to a specific commit hash or tag (e.g., `git clone -b <tag_or_hash> ...`). For `alexa-cookie-cli`, use a version-pinned installation method (e.g., `npm install -g alexa-cookie-cli@<version>` and then `alexa-cookie-cli`, or `npx alexa-cookie-cli@<version>`). Regularly review and update pinned versions. | LLM | SKILL.md:14 |
Scan History
Embed Code
[](https://skillshield.io/report/1e854e16fce98d31)
Powered by SkillShield