Trust Assessment
roku received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 5 critical, 4 high, 2 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unsafe deserialization / dynamic eval, Suspicious import: socket.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings13
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/gumadeiras/roku/SKILL.md:64 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/gumadeiras/roku/SKILL.md:70 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/gumadeiras/roku/SKILL.md:76 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/gumadeiras/roku/SKILL.md:82 | |
| CRITICAL | Arbitrary Method Execution via Named Pipe (Method Injection) The `roku-listener.py` script reads commands from the named pipe `/tmp/roku-control`. It directly uses parts of these commands (e.g., `line.replace("roku_", "")` or `line.split(" ", 1)[1]`) as method names to call on the `Roku` object via `getattr(r, btn)()`. Since the named pipe is typically world-writable (see SS-PERM-001), any local user can write arbitrary method names to this pipe, leading to the execution of any method available on the `Roku` object. This could include methods for device control (e.g., `reboot()`, `factory_reset()`, launching specific apps) or other unintended actions, bypassing intended command whitelisting. Implement a strict whitelist for all allowed method names before calling `getattr()`. Do not allow arbitrary strings from user input to be used as method names. For example, use a dictionary mapping input strings to safe Roku methods, similar to `BUTTON_MAP` in `roku-daemon.py`. Additionally, restrict permissions on `/tmp/roku-control` to only trusted users or the daemon process itself. | LLM | roku-listener.py:39 | |
| HIGH | Unsafe deserialization / dynamic eval Python variable indirection to hide dangerous calls Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/gumadeiras/roku/roku-daemon.py:79 | |
| HIGH | Unsafe deserialization / dynamic eval Python variable indirection to hide dangerous calls Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/gumadeiras/roku/roku-listener.py:44 | |
| HIGH | Unsafe deserialization / dynamic eval Python variable indirection to hide dangerous calls Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/gumadeiras/roku/roku-listener.py:50 | |
| HIGH | World-Writable Named Pipe Allows Unauthorized Local Device Control The `roku-daemon.py` script creates the named pipe `/tmp/roku-control` using `os.mkfifo()`. By default, this creates pipes with permissions that allow any local user to write to them (e.g., 0o666, modified by umask). This means any unprivileged local user can send commands to the running Roku daemon or listener, effectively gaining control over the connected Roku device (e.g., launching apps, pressing buttons). In the case of `roku-listener.py`, this also enables the critical method injection vulnerability (SS-CMD-001). Create the named pipe with restricted permissions (e.g., `os.mkfifo(PIPE_PATH, 0o600)` or `0o640`) to limit write access to only the owner or a specific group. Ensure the daemon runs as a dedicated, unprivileged user. Alternatively, use a more secure inter-process communication mechanism that enforces access control. | LLM | roku-daemon.py:36 | |
| MEDIUM | Suspicious import: socket Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/gumadeiras/roku/roku-client.py:6 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/gumadeiras/roku/roku-telegram.py:8 | |
| INFO | Telegram Token Read from Environment Variable The `roku-telegram.py` script retrieves the `TELEGRAM_TOKEN` from an environment variable. While this is a common and generally recommended practice for handling secrets in production, it still requires proper environment configuration and security to prevent exposure of the token to other processes or logs. If the environment is compromised or misconfigured, the token could be exposed. Ensure that the environment where this script runs is secured, and the `TELEGRAM_TOKEN` environment variable is only accessible by the necessary processes. Avoid logging the token or exposing it in process lists. Consider using a secrets management system for more robust handling in complex deployments. | LLM | roku-telegram.py:8 | |
| INFO | External Network Requests to Telegram API The `roku-telegram.py` script makes external network requests to `https://api.telegram.org` to fetch updates and send responses. This is expected behavior for a Telegram bot, but it means that data (such as user callback queries and interaction metadata) is transmitted to Telegram's servers. This is noted as an informational finding regarding data flow outside the local system. Ensure that users are aware that their interactions are processed by Telegram's infrastructure. Implement appropriate data handling policies and privacy notices if sensitive information is involved. This is generally acceptable for a public Telegram bot. | LLM | roku-telegram.py:30 |
Scan History
Embed Code
[](https://skillshield.io/report/e83f41274e9b28f2)
Powered by SkillShield