Trust Assessment
putio received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Unpinned `kaput-cli` dependency in installation instructions, Vulnerable `kaput` executable resolution via system PATH.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 49/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Vulnerable `kaput` executable resolution via system PATH The `_kaput.sh` script attempts to resolve the `kaput` executable by checking the system's `PATH` environment variable. An attacker could manipulate the `PATH` or place a malicious executable named `kaput` in a directory that appears earlier in the `PATH` than the legitimate `kaput` installation. This would lead to the execution of arbitrary code when any of the skill's scripts invoke `$KAPUT`, resulting in a command injection vulnerability. Prefer explicit, absolute paths for executables. If `PATH` must be used, sanitize it or ensure it only contains trusted directories. For `kaput`, consider always using `~/.cargo/bin/kaput` or requiring `KAPUT_BIN` to be set to an absolute path. | LLM | scripts/_kaput.sh:12 | |
| HIGH | Potential exposure of user account email via `whoami` command The `status.sh` script, when the `SHOW_ACCOUNT=1` environment variable is set, executes `"$KAPUT" whoami`. The script itself notes that this command 'may print your account email'. This sensitive personal information could be exfiltrated to the LLM, which might then expose it to the user or store it in its conversation history, violating user privacy. Redact or filter sensitive information (like email addresses) from the output of `whoami` before returning it to the LLM. Alternatively, provide a separate, explicit tool for retrieving account details if the user truly needs it, with clear warnings about data exposure. | LLM | scripts/status.sh:10 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/baanish/putio/scripts/_kaput.sh:19 | |
| MEDIUM | Unpinned `kaput-cli` dependency in installation instructions The `SKILL.md` instructs users to install `kaput-cli` using `cargo install kaput-cli`. This command installs the latest available version, which can change over time. This lack of version pinning introduces a supply chain risk, as a malicious update to `kaput-cli` could be automatically installed, potentially compromising the user's system or data without explicit review. Specify a precise version for `kaput-cli` (e.g., `cargo install kaput-cli@1.2.3`) to ensure deterministic installations and prevent unexpected changes from upstream dependencies. | LLM | SKILL.md:15 | |
| MEDIUM | Exposure of user transfer and file metadata to LLM The `list_transfers.sh`, `search_files.sh`, and `status.sh` scripts output user's put.io transfer history and file search results directly to standard output. While this is the intended functionality, this data (e.g., names of files, transfer statuses, magnet links) can be sensitive and is directly exfiltrated to the LLM. The LLM might then expose this information to the user or store it, potentially revealing private activity. Implement filtering or summarization of output to only return essential, non-sensitive information to the LLM. For full sensitive lists, require explicit user confirmation or provide a mechanism for the user to view them outside the LLM's direct context. | LLM | scripts/list_transfers.sh:7 | |
| MEDIUM | Unsanitized user input passed to external `kaput` CLI commands The `add_transfer.sh` and `search_files.sh` scripts take user input (`$URL` and `$QUERY` respectively) and pass it directly as arguments to the `kaput` CLI. Although the variables are double-quoted (`"$URL"`, `"$QUERY"`), which prevents shell word splitting and glob expansion, a sophisticated attacker could craft input that exploits vulnerabilities within the `kaput` CLI's argument parsing or internal command execution, if such vulnerabilities exist. This is a common attack vector for external command execution. Implement robust input validation and sanitization (e.g., regex checks for valid URLs or file search queries) before passing user-provided strings to external commands, even when quoted. | LLM | scripts/add_transfer.sh:10 |
Scan History
Embed Code
[](https://skillshield.io/report/bf34842f2062e218)
Powered by SkillShield