Trust Assessment
redis-schema-gen received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Unpinned `npx` dependency allows arbitrary code execution", "Third-party tool requires and could exfiltrate `OPENAI_API_KEY`", and "Third-party tool arguments may be vulnerable to command injection".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unpinned `npx` dependency allows arbitrary code execution. The skill instructs users to run `npx ai-redis-schema` without specifying a version. This means the latest version of the `ai-redis-schema` package will always be downloaded and executed. A malicious update to this package could introduce backdoors, data exfiltration, or command injection vulnerabilities, leading to arbitrary code execution on the user's system without explicit user consent for the new version. Pin the `ai-redis-schema` dependency to a specific, trusted version (e.g., `npx ai-redis-schema@1.2.3`). Implement package integrity checks (e.g., using a lockfile or hash verification) to ensure the downloaded package has not been tampered with. Consider running such tools in a sandboxed or isolated environment. | LLM | SKILL.md:10 |
| HIGH | Third-party tool requires and could exfiltrate `OPENAI_API_KEY`. The `ai-redis-schema` tool, which is executed via `npx`, explicitly requires the `OPENAI_API_KEY` environment variable. If the `ai-redis-schema` package is compromised (e.g., through a malicious update due to the unpinned dependency), it could exfiltrate this sensitive API key, leading to unauthorized access to the user's OpenAI account, potential financial loss, or abuse of AI services. Users should be warned about the risk of providing sensitive credentials to unverified third-party tools. If possible, the tool should be run in a sandboxed environment with restricted network access. The skill developer should ensure the `ai-redis-schema` package is trustworthy and consider providing a mechanism for users to verify its integrity. | LLM | SKILL.md:41 |
| HIGH | Third-party tool arguments may be vulnerable to command injection. The skill instructs users to pass arbitrary user-provided strings (e.g., `"user sessions and rate limiting"`) as arguments to the `ai-redis-schema` tool. If the `ai-redis-schema` tool does not properly sanitize or escape these arguments before processing them (e.g., if it internally uses `eval` or `subprocess.run` with unsanitized input), a malicious user could craft an input string to execute arbitrary commands on the host system where `npx ai-redis-schema` is run. The developer of `ai-redis-schema` must ensure all user-provided inputs are rigorously sanitized and escaped before being used in any shell commands or `eval`-like operations. Users should be advised to only provide trusted input to the tool. Consider using a safer method for passing arguments than direct shell interpolation. | LLM | SKILL.md:10 |