Trust Assessment
roborock received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include: Unpinned dependency in manifest; Skill instructs user to provide credentials to external CLI; CLI commands with unsanitized placeholders.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned dependency in manifest.** The `python-roborock` package is specified without a version constraint in the manifest's `install` section. This allows for the installation of any version, including potentially malicious future releases or compromised versions, leading to arbitrary code execution. An attacker could publish a malicious package with the same name or compromise the legitimate package to deliver malware. Pin the dependency to a specific, known-good version (e.g., `"package": "python-roborock==X.Y.Z"`) or at least a major version (e.g., `"package": "python-roborock~=X.Y"`) to mitigate supply chain risks. | LLM | SKILL.md |
| HIGH | **Skill instructs user to provide credentials to external CLI.** The skill's setup instructions require the user to log in to their Roborock/Xiaomi Home account by providing their email and password directly to the `roborock login` CLI command. This relies heavily on the security and integrity of the `python-roborock` CLI and its underlying library. If the CLI or its dependencies are compromised (especially given the unpinned dependency), these sensitive credentials could be harvested by an attacker. 1. Pin the `python-roborock` dependency to a known secure version to reduce supply chain risk. 2. Advise users to exercise extreme caution when providing credentials to third-party tools. 3. If possible, explore alternative authentication methods that do not require direct password input (e.g., API tokens, OAuth flows) to reduce the attack surface. | LLM | SKILL.md:12 |
| MEDIUM | **CLI commands with unsanitized placeholders.** The skill provides CLI command examples that include placeholders like `"YOUR_DEVICE_ID"`. If an LLM agent directly substitutes user-provided input into these placeholders without proper sanitization or quoting, it could lead to command injection vulnerabilities. For example, if `YOUR_DEVICE_ID` is replaced with `"; rm -rf /"` without proper escaping, it would execute arbitrary commands on the host system. Instruct the LLM agent to always sanitize and properly quote any user-provided input before interpolating it into shell commands. Implement strict input validation for parameters like `device_id` to ensure they conform to expected formats (e.g., alphanumeric strings) and do not contain shell metacharacters. | LLM | SKILL.md:26 |