Trust Assessment
mqtt-client received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 1 critical, 3 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.check_call(), Unpinned Python dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/enchantedmotorcycle/mqtt-client/scripts/run.py:9 | |
| HIGH | Dangerous call: subprocess.check_call() Call to 'subprocess.check_call()' detected in function '<module>'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/enchantedmotorcycle/mqtt-client/scripts/run.py:9 | |
| HIGH | MQTT credentials loaded from environment variables The `scripts/run.py` script retrieves `MQTT_USERNAME` and `MQTT_PASSWORD` from environment variables using `os.getenv` and uses them to authenticate with the MQTT broker. The `bootstrap.sh` script explicitly sources a `.env` file, which is expected to contain these credentials. While necessary for the skill's function, this highlights that the skill has direct access to and uses sensitive credentials. If the skill's execution environment is compromised, these credentials could be exposed or misused. Ensure that the environment variables containing credentials are managed securely (e.g., using secrets management systems) and that the skill's execution environment is isolated and hardened. Implement least privilege access for these credentials. | LLM | scripts/run.py:15 | |
| HIGH | All MQTT messages logged to standard output The `on_message` callback in `scripts/run.py` logs the topic and payload of every received MQTT message to `sys.stdout`. Since the client subscribes to all topics (`#`), any data published on the connected MQTT broker will be printed to the skill's standard output. If the skill's output is captured by the host system or LLM, this could lead to the exfiltration of sensitive information contained within MQTT messages. Restrict logging of message payloads to only necessary information or sensitive data. Implement filtering based on topic or content if only specific messages are relevant. Consider logging to a secure, internal log management system instead of `sys.stdout` if sensitive data is expected. | LLM | scripts/run.py:34 | |
| MEDIUM | Unpinned Python dependency version Requirement 'paho.mqtt' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/enchantedmotorcycle/mqtt-client/requirements.txt:1 | |
| MEDIUM | Subscribes to all MQTT topics The `scripts/run.py` script subscribes to all available MQTT topics (`#`) upon successful connection. While the skill's description mentions "tracks messages," subscribing to all topics grants it broad access to potentially sensitive information across the entire MQTT broker. This might be an excessive permission if the skill only needs to monitor specific topics. Refine the MQTT topic subscription to only include the specific topics required for the skill's functionality, adhering to the principle of least privilege. | LLM | scripts/run.py:24 | |
| LOW | Unpinned dependency in requirements.txt The `requirements.txt` file specifies `paho.mqtt` without a version pin. This means that future installations could pull a different version of the library, potentially introducing breaking changes, new vulnerabilities, or unexpected behavior. While `paho.mqtt` is a well-known library, pinning versions is a best practice for reproducibility and security. Pin the dependency to a specific version, e.g., `paho.mqtt==1.6.1`. | LLM | requirements.txt:1 |
Scan History
Embed Code
[](https://skillshield.io/report/a7809459af7028c2)
Powered by SkillShield