Trust Assessment
netatmo received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via CLI tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via CLI tool.** The skill description indicates that it controls Netatmo devices by executing `netatmo` CLI commands. The documentation explicitly shows `netatmo <cmd> --json`, suggesting that arbitrary commands or subcommands can be passed to the `netatmo` executable. If user input is directly interpolated into these commands without proper sanitization or strict validation, an attacker could inject malicious shell commands, leading to arbitrary code execution on the host system. Recommendation: ensure all user-provided input used in constructing shell commands is strictly validated and sanitized; avoid direct interpolation of user input into command strings; for the `<cmd>` placeholder, restrict it to a predefined allowlist of safe subcommands; implement robust input validation to prevent injection of shell metacharacters or unauthorized commands. | LLM | SKILL.md:20 |
Full report: https://skillshield.io/report/ed94d6babb08b331