Trust Assessment
iserv received a trust score of 54/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 2 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Suspicious import: requests, Skill allows reading/writing arbitrary local files.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Persistence / self-modification instructions.** Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/finnbusse/iserv/scripts/iserv.py:1401 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/finnbusse/iserv/scripts/iserv.py:68 |
| MEDIUM | **Skill allows reading/writing arbitrary local files.** The `files-download` command allows writing to any local directory specified by the `--out-dir` argument. Similarly, `files-upload` allows reading any local file specified by `--file`. While the script sanitizes the server-provided filename for downloads (using `Path(...).name`), the target directory for downloads and the source file for uploads are directly used from user input. A malicious prompt could instruct the LLM to provide sensitive paths (e.g., `/etc/passwd` for upload, `/` for download output), leading to data exfiltration, overwriting critical system files, or placing malicious executables if the agent has sufficient permissions. Implement strict allow-listing or sandboxing for file paths provided by the LLM or user. Restrict `--out-dir` to a dedicated, isolated download directory and `--file` to a dedicated, isolated upload directory. The agent orchestrating the skill should enforce these restrictions before invoking the skill. | LLM | scripts/iserv.py:700 |
| LOW | **Unpinned Python dependencies.** The `scripts/iserv.py` script imports external libraries, notably `requests`. However, there is no `requirements.txt` or similar mechanism to pin the exact versions of these dependencies. This can lead to supply chain vulnerabilities if a future version of a dependency introduces a breaking change, a security flaw, or is compromised. Without pinned versions, the skill's behavior and security posture can change unexpectedly over time. Add a `requirements.txt` file specifying exact versions for all external Python dependencies (e.g., `requests==2.28.1`). Ensure that the skill's environment is built using these pinned dependencies to guarantee consistent and secure execution. | LLM | scripts/iserv.py:30 |