Trust Assessment
oura received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Unpinned Third-Party Dependency via Git Clone, Potential Command Injection via User-Derived Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Third-Party Dependency via Git Clone The skill's installation instructions include cloning a third-party Git repository (`https://github.com/ruhrpotter/oura-cli.git`) without specifying a particular commit hash or version tag. This introduces a significant supply chain risk, as future changes to the upstream repository could introduce malicious code that would then be built and executed by the agent. Pin the Git clone operation to a specific commit hash or version tag (e.g., `git clone <repo> --branch <tag_or_hash>`). Regularly audit the upstream repository for security vulnerabilities. | LLM | SKILL.md:16 | |
| HIGH | Potential Command Injection via User-Derived Arguments The agent is instructed to execute shell commands using user-derived inputs for categories and flags (e.g., `./oura get <category> --start <date>`). If the agent directly interpolates user input into these command arguments without proper sanitization or validation, a malicious user could inject arbitrary shell commands (e.g., by providing a category like `sleep; rm -rf /`). The skill does not provide explicit instructions for sanitizing user input before command execution. Implement robust input sanitization and validation for all user-derived arguments passed to shell commands. Consider using a safe command execution mechanism that prevents shell metacharacter interpretation, or explicitly whitelist allowed characters and patterns for categories and date formats. | LLM | SKILL.md:70 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/ruhrpotter/oura/SKILL.md:1 | |
| MEDIUM | Excessive Permissions Required for Skill Installation and Operation The skill's installation process requires broad filesystem access (via `git clone` and `go build`) to download and compile the `oura-cli` tool. During operation, the `oura` binary requires network access to communicate with the Oura API and local filesystem write access to store authentication tokens in `~/.config/oura-cli/config.json`. While necessary for the tool's functionality, these broad permissions, when granted to an AI agent, increase the potential blast radius in case of compromise. If possible, execute the skill in a sandboxed environment with minimal necessary permissions. Review the `oura-cli` tool's source code to ensure it adheres to the principle of least privilege. Ensure that the agent's execution environment is isolated from sensitive host resources. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/8ef7c7978b7933ef)
Powered by SkillShield