Trust Assessment
proxmox received a trust score of 13/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Command Injection via unsanitized curl -d argument, jq Injection via unsanitized vmid parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/weird-aftertaste/proxmox/SKILL.md:10 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/weird-aftertaste/proxmox/SKILL.md:16 | |
| HIGH | Command Injection via unsanitized curl -d argument The `snap` command in `scripts/pve.sh` directly interpolates the user-provided `snapname` variable into a `curl -d` argument without proper sanitization. An attacker can inject arbitrary `curl` options or shell commands by crafting a malicious `snapname`. For example, providing `snapname="foo\" --data-binary @/etc/passwd #"` as input could lead to data exfiltration of `/etc/passwd` or other sensitive files from the system executing the script. Sanitize user input for `snapname` before passing it to `curl`. For `curl -d` parameters, ensure the value is properly URL-encoded or quoted to prevent `curl` option injection. A robust solution would be to use a dedicated API client library or carefully escape the `snapname` using a function that handles `"` and other `curl` argument delimiters. Alternatively, pass the data via stdin using `curl -d @-`. | LLM | scripts/pve.sh:86 | |
| MEDIUM | jq Injection via unsanitized vmid parameter The `vmid` parameter, which is user-supplied, is directly interpolated into `jq` filter expressions (e.g., `select(.vmid==$vmid)`). A malicious `vmid` could contain `jq` metacharacters (e.g., `)` or `"`), leading to a `jq` injection. This could cause syntax errors, unexpected data filtering, or potentially expose unintended data by manipulating the `jq` output format. While not a direct shell command injection, it's a vulnerability in how data is processed. Ensure that user-supplied values used within `jq` filter expressions are properly escaped. A safer approach is to pass the value as a `jq` variable using `--arg` or `--argjson`, for example: `jq -r --arg vmid_arg "$vmid" '.data[] | select(.vmid==$vmid_arg) | .node'`. | LLM | scripts/pve.sh:50 | |
| MEDIUM | Insecure SSL/TLS verification disabled The `curl` commands in the `scripts/pve.sh` helper use the `-k` (or `--insecure`) flag. This disables SSL/TLS certificate verification, making the communication vulnerable to Man-in-the-Middle (MitM) attacks. While often used for self-signed certificates in private environments, it should be avoided if possible, or at least understood as a security trade-off. An attacker on the network could intercept and modify API calls or responses without detection. Configure `curl` to trust the Proxmox server's certificate by providing a CA certificate bundle (`--cacert`). If using self-signed certificates, add the Proxmox CA certificate to the system's trusted store or specify it directly. Avoid `-k` in production environments where possible. | LLM | scripts/pve.sh:14 |
Scan History
Embed Code
[](https://skillshield.io/report/3937194f013b05b5)
Powered by SkillShield