Trust Assessment
homeassistant-skill received a trust score of 52/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Potential Shell Command Injection via Unsanitized Variables in `curl` Calls, and Broad Network Access via `curl` Utility.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | HTTP request to raw IP address | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/anotb/homeassistant-skill/SKILL.md:9 |
| HIGH | Potential Shell Command Injection via Unsanitized Variables in `curl` Calls | The skill constructs `curl` commands using environment variables (`$HA_URL`, `$HA_TOKEN`) and placeholders like `ENTITY_ID` in URL paths. If the LLM substitutes untrusted user input for placeholders such as `ENTITY_ID` directly into the URL path (e.g., `"$HA_URL/api/states/ENTITY_ID"`) without proper shell escaping or URL encoding, an attacker could inject arbitrary shell commands. For example, if `ENTITY_ID` is `foo; evil_command`, the shell would execute `evil_command` on the host system. While `$HA_URL` is an environment variable, its content should also be treated with caution if it could be influenced by untrusted sources. | When constructing shell commands, ensure all variables and placeholders derived from untrusted sources (especially user input for `ENTITY_ID` or other URL components) are rigorously shell-escaped before being embedded into the command string. For URL paths, URL encoding should also be applied to prevent both shell injection and malformed requests. | LLM | SKILL.md:48 |
| MEDIUM | Broad Network Access via `curl` Utility | The skill explicitly requires and utilizes the `curl` utility, which inherently grants broad capabilities for making arbitrary network requests. While the provided examples demonstrate its use for legitimate Home Assistant API interactions, the underlying `curl` command can be directed to any URL. If the LLM is prompted to construct `curl` commands to external, non-Home Assistant endpoints, it could be used for data exfiltration (e.g., sending `HA_TOKEN` to an attacker-controlled server if `$HA_URL` is manipulated) or other malicious network activities. The manifest explicitly lists `curl` as a required binary, indicating its intended use, but also highlighting the inherent power and potential for misuse. | Implement strict validation and filtering of target URLs if the LLM is allowed to dynamically construct them. Ensure `curl` is only used to interact with the intended Home Assistant instance (`$HA_URL`). Consider sandboxing the execution environment to restrict network access to only approved endpoints. | LLM | SKILL.md:1 |