Trust Assessment
google-home received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Skill handles sensitive Google OAuth credentials, Skill operates with broad Google Assistant SDK permissions, Unpinned Python dependencies in setup instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill handles sensitive Google OAuth credentials The `control.py` script loads and utilizes highly sensitive Google OAuth credentials (client_id, client_secret, refresh_token) from `credentials.json` or an environment variable. While necessary for the skill's operation, this makes the skill a high-value target. A compromise of the skill's execution environment could lead to the exfiltration of these credentials, granting an attacker full access to the user's Google Assistant capabilities and potentially other linked smart home devices. Implement secure credential storage and access mechanisms. Consider using a secrets management service or environment-specific secrets injection rather than direct file access, especially for `client_secret`. Ensure the execution environment is highly secured and isolated. Regularly rotate credentials. | LLM | scripts/control.py:30 | |
| HIGH | Skill operates with broad Google Assistant SDK permissions The skill's core functionality involves controlling smart home devices through the Google Assistant SDK, requiring the user to grant the `https://www.googleapis.com/auth/assistant-sdk-prototype` OAuth scope during setup. This scope provides extensive control over the user's Google Assistant capabilities. While necessary for the skill's intended purpose, this means a compromised skill could perform a wide range of actions on the user's smart home devices without further user consent, including turning devices on/off, adjusting settings, or potentially interacting with other linked services. Ensure the principle of least privilege is applied. If possible, narrow down the required OAuth scopes to only those strictly necessary for the skill's specific functions. Clearly communicate the extent of permissions to the user during installation and usage. Implement robust logging and monitoring for actions performed by the skill. | LLM | SKILL.md:49 | |
| MEDIUM | Unpinned Python dependencies in setup instructions The `SKILL.md` file instructs users to install Python packages (`google-assistant-sdk[samples]`, `google-auth-oauthlib[tool]`, `tenacity`) without specifying exact versions. This practice, known as unpinned dependencies, introduces a supply chain risk. If a malicious update to any of these packages or their transitive dependencies is released, it could compromise the skill's environment upon installation, potentially leading to arbitrary code execution or data exfiltration. Pin all dependencies to specific versions (e.g., `package==1.2.3`) to ensure reproducible and secure installations. Consider using a `requirements.txt` file with hashed dependencies (`pip install -r requirements.txt --require-hashes`) to further mitigate supply chain risks. | LLM | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/eec4ec61d54f26c2)
Powered by SkillShield