Trust Assessment
proxmox-full received a trust score of 36/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Unsanitized user input in URL path leads to command injection", and "Skill requires API token with full administrative privileges".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/msarheed/proxmox-full/SKILL.md:9 |
| HIGH | Unsanitized user input in URL path leads to command injection: The skill constructs `curl` commands by directly interpolating variables like `{node}`, `{vmid}`, `{snapname}`, `{storage}`, and `{upid}` into the URL path. If these variables are populated by untrusted user input without proper sanitization or escaping, an attacker could inject arbitrary shell commands. For example, if `{vmid}` is `123; evil_command`, the `evil_command` would be executed on the host system. This vulnerability is present in almost all `curl` commands within the skill that use these placeholders. Implement robust input validation and sanitization for all user-provided parameters (`{node}`, `{vmid}`, `{snapname}`, etc.) before they are interpolated into shell commands. Ensure that these parameters cannot contain shell metacharacters or command separators. Consider using a more robust API client library that handles URL encoding and command execution safely instead of direct shell interpolation. | LLM | SKILL.md:50 |
| HIGH | Skill requires API token with full administrative privileges: The setup instructions explicitly advise creating a Proxmox API token by unchecking 'Privilege Separation', which grants the token full administrative access to the Proxmox VE environment. While this enables the broad functionality described, it means that any successful exploit (e.g., command injection) against this skill would immediately grant the attacker complete control over the entire Proxmox infrastructure, including all VMs, containers, and storage. This significantly increases the blast radius of any vulnerability. Recommend creating API tokens with the principle of least privilege. Document the minimum required permissions for each specific action the skill performs. If full access is truly necessary for the 'full management' scope, clearly state the security implications and advise users to isolate the environment where this skill is used. | LLM | SKILL.md:20 |
| MEDIUM | `curl` commands disable SSL/TLS certificate validation: All `curl` commands in the skill use the `-k` (or `--insecure`) flag, which disables SSL/TLS certificate validation. While this might be convenient for environments with self-signed certificates (common in Proxmox setups), it makes the communication vulnerable to Man-in-the-Middle (MITM) attacks. An attacker could intercept and modify traffic, potentially stealing the `PVE_TOKEN` or manipulating API responses, without the client detecting the compromise. Advise users to configure Proxmox with valid, trusted SSL/TLS certificates. If self-signed certificates are used, provide instructions on how to properly import and trust them on the host system, allowing `curl` to validate connections without using the `-k` flag. This ensures secure communication and prevents MITM attacks. | LLM | SKILL.md:30 |