Trust Assessment
home-assistant received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 2 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Network egress to untrusted endpoints, Persistence mechanism: Shell RC file modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/ericarnoldy/hass-cli/SKILL.md:44 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/ericarnoldy/hass-cli/SKILL.md:26 | |
| CRITICAL | Potential Command Injection via hass-cli arguments The skill's documentation demonstrates the use of `hass-cli` with arguments like `entity_id` and `--arguments`. If these parameters are constructed directly from untrusted user input without proper sanitization or escaping, an attacker could inject arbitrary shell commands or manipulate `hass-cli` behavior. For example, injecting `entity_id=light.kitchen; rm -rf /` or similar into the arguments could lead to severe system compromise. Implement robust input validation and sanitization for all user-provided arguments before constructing and executing `hass-cli` commands. Ensure that all arguments are properly escaped for the shell environment to prevent injection of malicious commands or parameters. Consider using a dedicated library for shell command construction that handles escaping automatically. | LLM | SKILL.md:70 | |
| HIGH | Excessive Permissions via Long-Lived Access Token The skill requires a 'Long-Lived Access Token' for Home Assistant. These tokens typically grant broad and persistent access to the entire Home Assistant instance, including control over devices, automations, and sensitive data. If this token is compromised, an attacker could gain full control over the user's smart home environment, leading to significant privacy and security breaches. The principle of least privilege is not followed. Whenever possible, use tokens or credentials with the principle of least privilege. Investigate if Home Assistant offers more granular access tokens or API keys that can be scoped to only the specific services and entities required by the skill. If not, ensure the token is stored securely and its exposure surface is minimized. Regularly rotate tokens. | LLM | SKILL.md:42 | |
| MEDIUM | Persistence mechanism: Shell RC file modification Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/ericarnoldy/hass-cli/SKILL.md:44 | |
| MEDIUM | Unpinned Dependency in Installation Instructions The installation instructions recommend `pip install homeassistant-cli` without specifying a version. This practice can lead to supply chain risks, as a future malicious or vulnerable version of the `homeassistant-cli` package could be installed if the package maintainer's repository is compromised or a typosquatting attack occurs. This lack of version pinning makes the installation non-deterministic and potentially insecure. Pin the version of `homeassistant-cli` in the installation instructions (e.g., `pip install homeassistant-cli==X.Y.Z`) to ensure that a specific, known-good version is always installed. Regularly review and update the pinned version to incorporate security patches while maintaining control over dependencies. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/05c2b358781b8500)
Powered by SkillShield