Trust Assessment
pi-admin received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 6 critical, 3 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Network egress to untrusted endpoints, Persistence mechanism: systemd service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings10
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/thesethrose/pi-admin/optimize.sh:106 | |
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/thesethrose/pi-admin/optimize.sh:112 | |
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/thesethrose/pi-admin/optimize.sh:118 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/thesethrose/pi-admin/restart-gateway.sh:66 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/thesethrose/pi-admin/restart-gateway.sh:67 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/thesethrose/pi-admin/restart-gateway.sh:68 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/thesethrose/pi-admin/optimize.sh:106 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/thesethrose/pi-admin/optimize.sh:112 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/thesethrose/pi-admin/optimize.sh:118 | |
| INFO | Reliance on external package manager and application The `restart-gateway.sh` script directly invokes `pnpm` to run the `clawdis gateway` application. This introduces a supply chain risk, as the security of the skill depends on the integrity and security of `pnpm` and the `clawdis gateway` application and its dependencies. While this is a common pattern for skills that interact with specific applications, it's important to acknowledge the transitive trust involved. Any vulnerability in `pnpm` or `clawdis gateway` could potentially be exploited through this skill. Ensure `pnpm` and the `clawdis gateway` application are regularly updated, scanned for vulnerabilities, and sourced from trusted repositories. Implement robust access controls for the user executing this skill, and consider sandboxing the execution environment if the `clawdis gateway` application is not fully trusted. | LLM | restart-gateway.sh:42 |
Scan History
Embed Code
[](https://skillshield.io/report/462a5bd16460d8a6)
Powered by SkillShield