Trust Assessment
asustor-pro-adaptive-suite received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Prompt Injection Attempt via Untrusted Skill Instructions, Hardcoded Empty Password for Root MySQL User, Insecure SSH Host Key Verification (AutoAddPolicy).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (4)
| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Prompt Injection Attempt via Untrusted Skill Instructions | The `SKILL.md` file, explicitly marked as untrusted input, contains numerous instructions and behavioral directives for the host LLM. This attempts to manipulate the LLM's core behavior, role, and decision-making processes from an untrusted source, violating the principle of treating delimited content as data, not instructions. | Remove all instructions and behavioral directives from the `SKILL.md` content that is delimited as untrusted input. The LLM's instructions should only come from trusted, pre-defined system prompts. | LLM | SKILL.md:1 |
| CRITICAL | Hardcoded Empty Password for Root MySQL User | The `nas_engine.py` script attempts to connect to a MySQL database as the 'root' user with an empty password. This is a severe security vulnerability, granting full administrative access to the database to any local process or attacker who can connect to the database, potentially leading to data compromise, modification, or deletion. | Configure a strong password for the MySQL 'root' user and store it securely, preferably in an environment variable or a secrets management system. Avoid using the 'root' user for application-level connections; instead, create a dedicated user with minimal necessary privileges. | LLM | nas_engine.py:26 |
| HIGH | Insecure SSH Host Key Verification (AutoAddPolicy) | `paramiko.AutoAddPolicy()` is used for SSH connections, which automatically adds new host keys to the `known_hosts` file without verification. This completely bypasses host key checking, making the SSH connection vulnerable to Man-in-the-Middle (MitM) attacks. An attacker could impersonate the NAS, intercept credentials, or execute arbitrary commands on the client or server. | Implement proper host key verification. Use `paramiko.WarningPolicy()` to warn about unknown hosts, or preferably `paramiko.RejectPolicy()`, and pre-populate `known_hosts` with the legitimate NAS host key. This ensures that the client only connects to trusted servers. | LLM | nas_engine.py:10 |
| MEDIUM | Broad Filesystem Access via Environment Variable | The script uses `os.walk(root)` where `root` is obtained from the `NAS_ROOT_PATH` environment variable. If `NAS_ROOT_PATH` is configured to a broad directory (e.g., `/` or `C:\`), the skill gains extensive read access to the filesystem. While the skill claims 'Strict Read-Only', the scope of access is potentially excessive and could expose sensitive files if the environment variable is misconfigured. | Ensure that the `NAS_ROOT_PATH` environment variable is strictly limited to the necessary NAS volumes or directories that require scanning. Avoid setting it to system-wide root directories. Implement additional checks to prevent scanning of sensitive system paths. | LLM | nas_engine.py:32 |
Scan History