Trust Assessment
karakeep received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include "Suspicious import: requests", "API Key exposed via command-line argument", and "API Key stored in config file without explicit restrictive permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **API Key exposed via command-line argument.** The `login` command requires the API key to be passed directly as a command-line argument. This is a significant security risk as command-line arguments can be visible in process lists (`ps aux`), shell history, and system logs, potentially exposing the API key to other users or processes on the system. Modify the `login` command to prompt the user for the API key interactively (e.g., using `getpass`), or require it to be set via an environment variable. Avoid passing sensitive credentials directly on the command line. | LLM | scripts/karakeep-cli.py:100 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jayphen/karakeep/scripts/karakeep-cli.py:5 |
| MEDIUM | **API Key stored in config file without explicit restrictive permissions.** The `save_config` function writes the API key to `~/.config/karakeep/config.json`. While this is a common practice for CLI tools, the script does not explicitly set restrictive file permissions (e.g., `chmod 600`) on the configuration file. This could lead to unauthorized access if the user's umask is permissive or if the file system permissions are otherwise compromised, potentially exposing the API key to other users on a multi-user system. After writing the configuration file, explicitly set its permissions to be readable only by the owner (e.g., `os.chmod(config_path, 0o600)`). | LLM | scripts/karakeep-cli.py:29 |
| MEDIUM | **API Key sent to user-configurable, unvalidated URL.** The skill sends the API key to an instance URL (`url`) that is retrieved from environment variables or a local configuration file. The skill does not perform any validation or sanitization of this URL. If an attacker can manipulate the `KARAKEEP_URL` environment variable or the `url` entry in `~/.config/karakeep/config.json`, they could redirect API requests, including the `Authorization` header containing the API key, to a malicious server, leading to data exfiltration. Implement validation for the `url` parameter, such as checking if it uses `https` and potentially whitelisting known Karakeep instance domains if applicable. Warn users about the risks of setting the URL to untrusted sources. | LLM | scripts/karakeep-cli.py:40 |