Trust Assessment
redis received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `redis-cli` arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `redis-cli` arguments The skill defines `redis-cli` commands for execution. If the LLM constructs these commands by directly embedding unsanitized user input into the arguments (e.g., key, value, pattern), it could lead to command injection. An attacker could craft malicious input that, when inserted into the `redis-cli` command string, executes arbitrary shell commands or manipulates Redis in unintended ways. For example, `redis-cli SET key "$(malicious_command)"` could execute `malicious_command` if the shell interprets the inner command. Implement robust input sanitization and validation for all arguments passed to `redis-cli` commands. Ensure that user-provided strings are properly escaped or quoted to prevent shell metacharacter interpretation. Consider using a Redis client library in a more controlled environment (e.g., Python script) instead of direct shell execution of `redis-cli` to minimize injection surface. | LLM | SKILL.md:27 |
Scan History
Embed Code
[](https://skillshield.io/report/dfa037f64ef233a8)
Powered by SkillShield