Trust Assessment
omi-me received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 4 medium, and 0 low severity. Key findings include sensitive environment variable access (`$HOME`), command injection via a `jq` filter, and JSON injection via unescaped user input in a `curl` payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Remediation | Layer | Location |
|---|---|---|---|---|
| HIGH | Command Injection via jq filter. The `omi memories search` command directly interpolates user-provided input (`$3`) into a `jq` filter string without proper escaping. An attacker can inject arbitrary `jq` commands by crafting a malicious search query, potentially leading to data exfiltration (e.g., extracting more data than intended) or denial of service by causing `jq` to crash or consume excessive resources. | Escape the user-provided search query (`$3`) before embedding it in the `jq` filter string. A safer approach is to pass the user input as a `jq` variable using `--arg` or `--argjson` so that it is treated as a literal string. | LLM Behavioral Safety | scripts/omi-cli.sh:80 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. | Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static Code Analysis | skills/caioiscoding/omi-me/scripts/omi-token.sh:5 |
| MEDIUM | Sensitive environment variable access: `$HOME`. Access to sensitive environment variable `$HOME` detected in shell context. | Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static Code Analysis | skills/caioiscoding/omi-me/scripts/setup.sh:9 |
| MEDIUM | JSON Injection via unescaped user input in curl payload. The `omi memories create` and `omi memories update` commands construct JSON payloads by directly interpolating user-provided content (`$*`) into a JSON string. If the user input contains double quotes (`"`) or backslashes (`\`), it can break the JSON structure, leading to malformed requests. An attacker could potentially inject arbitrary JSON fields, which might bypass API validation or lead to unintended data modifications. | Before embedding user input (`$*`) into the JSON string, ensure it is properly JSON-escaped. Alternatively, use a robust JSON library or tool (such as `jq -n --arg content "$*" '{"content": $content}'`) to construct the JSON payload, which handles escaping automatically. | LLM Behavioral Safety | scripts/omi-cli.sh:66 |
| MEDIUM | JSON Injection via unescaped user input in curl payload. The `omi memories create` and `omi memories update` commands construct JSON payloads by directly interpolating user-provided content (`$*`) into a JSON string. If the user input contains double quotes (`"`) or backslashes (`\`), it can break the JSON structure, leading to malformed requests. An attacker could potentially inject arbitrary JSON fields, which might bypass API validation or lead to unintended data modifications. | Before embedding user input (`$*`) into the JSON string, ensure it is properly JSON-escaped. Alternatively, use a robust JSON library or tool (such as `jq -n --arg content "$*" '{"content": $content}'`) to construct the JSON payload, which handles escaping automatically. | LLM Behavioral Safety | scripts/omi-cli.sh:73 |
Full report: https://skillshield.io/report/cf09408fe328ee7e (powered by SkillShield)