Trust Assessment
lyrion-music received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Remote code execution: curl/wget pipe to shell", "Data Exfiltration via Environment Variable Controlled Host", and "JSON Injection via Unescaped User Input".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Remote code execution: curl/wget pipe to shell.** Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/photonixlaser-ux/lyrion-music-skill/scripts/lyrion.sh:73 |
| HIGH | **Data Exfiltration via Environment Variable Controlled Host.** The `LYRION_HOST` environment variable directly controls the target URL for all JSON-RPC requests made by the skill. If an attacker can manipulate this environment variable in the execution environment of the skill, they can redirect all network traffic, including user-provided inputs (such as player IDs, URIs, and search terms), to an arbitrary, attacker-controlled server. This allows for the exfiltration of sensitive user data and interaction details. Restrict the `LYRION_HOST` variable to a whitelist of trusted IP addresses or domains. If user configuration is necessary, implement strict validation to ensure the host value is safe and does not point to untrusted external resources. Ensure the skill execution environment prevents untrusted modification of environment variables. | LLM | scripts/lyrion.sh:4 |
| MEDIUM | **JSON Injection via Unescaped User Input.** User-provided inputs (e.g., `player_id`, `uri`, `volume` values, `search` terms) are directly embedded into the JSON payload constructed by the `send_request` function without proper escaping of special characters, specifically double quotes (`"`). An attacker can inject unescaped double quotes into these parameters, leading to malformed JSON. While a strict JSON parser on the Lyrion Music Server might simply reject such requests, a vulnerable or lenient parser could misinterpret the payload, potentially leading to server-side injection vulnerabilities (e.g., SQL injection, NoSQL injection, or even code execution if the server dynamically evaluates parts of the JSON). This is a client-side vulnerability in the JSON construction logic. Before embedding any user input into the JSON string, all double quotes (`"`) and backslashes (`\`) within the input must be properly escaped. A helper function should be used to sanitize these inputs, replacing `\` with `\\` and `"` with `\"`. | LLM | scripts/lyrion.sh:29 |
Powered by SkillShield