Trust Assessment
lista-sms received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 3 high, 1 medium, and 0 low severity. Key findings include arbitrary command execution, a missing required `name` field, and a dangerous call to `subprocess.check_output()`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python shell execution (os.system, subprocess). | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/david-evaristo/lista-sms/scripts/sms_reader.py:8 |
| CRITICAL | Data Exfiltration of Sensitive SMS Messages | The skill's explicit purpose, as described in SKILL.md and implemented in sms_reader.py, is to retrieve all unread SMS messages from a connected device and exfiltrate them by sending a CSV file containing sender numbers, dates, and message bodies directly into the LLM's conversation context. SMS messages are highly sensitive personal data, and their exfiltration poses a significant privacy risk. | Re-evaluate the necessity of exfiltrating raw SMS content. If absolutely required, implement strict data minimization, anonymization, and user consent mechanisms. Consider processing sensitive data on-device or redacting personally identifiable information before transmission. Ensure the user is fully aware of the data being collected and shared. | LLM | SKILL.md:30 |
| HIGH | Dangerous call: subprocess.check_output() | Call to `subprocess.check_output()` detected in function `adb`. This can execute arbitrary code. | Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/david-evaristo/lista-sms/scripts/sms_reader.py:8 |
| HIGH | Command Execution via ADB Shell | The `scripts/sms_reader.py` file uses `subprocess.check_output` to execute `adb shell` commands. While the arguments passed to `adb` currently appear to be internally controlled, the presence of this capability means the skill can execute arbitrary commands on a connected Android device. A malicious modification to the skill's logic or a sophisticated prompt injection could potentially leverage this to execute unauthorized commands, leading to device compromise, data manipulation, or further exfiltration. | Minimize the use of `subprocess` for executing external commands, especially powerful ones like `adb shell`. If necessary, ensure all arguments passed to `subprocess` are strictly validated and sanitized, and consider using more granular `adb` commands or APIs instead of a general shell. Implement robust input validation for any data that might influence command arguments. | LLM | scripts/sms_reader.py:6 |
| HIGH | Excessive Permissions Granted by ADB Access | The skill requires `adb` access to a connected device, which typically implies USB debugging is enabled and authorized. This grants extensive control over the device, far beyond merely reading SMS messages. `adb shell` allows for arbitrary command execution, file system access, and process management. This broad access creates a significant attack surface, as a compromised skill or LLM interaction could exploit these elevated permissions for malicious purposes. | Review the necessity of full `adb shell` access. If possible, restrict the `adb` commands to the absolute minimum required for the skill's functionality. Explore alternative, less privileged methods for interacting with device SMS data if available. Clearly communicate the extensive permissions required to the user before skill activation. | LLM | scripts/sms_reader.py:5 |
| MEDIUM | Missing required field: name | The `name` field is required for claude_code skills but is missing from the frontmatter. | Add a `name` field to the SKILL.md frontmatter. | Static | skills/david-evaristo/lista-sms/SKILL.md:1 |
Full report: https://skillshield.io/report/5f39ac130070eef8