Trust Assessment
runpod received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 4 medium, and 0 low severity. Key findings include: sensitive environment variable access (`$HOME`); command injection via unsanitized `POD_ID`; and reduced SSH host key security (`StrictHostKeyChecking=accept-new`).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unsanitized POD_ID.** The `POD_ID` variable, derived directly from the first command-line argument (`$1`), is used without sanitization in a context where shell metacharacters, specifically command substitution (`$(...)`), can lead to arbitrary command execution. An attacker can craft the `POD_ID` argument to include a command substitution, which will be executed by the shell before `runpodctl` is invoked. For example, providing `POD_ID="$(malicious_command)"` would execute `malicious_command` on the host system. Implement strict input validation for `POD_ID` to ensure it only contains expected characters (e.g., alphanumeric, hyphens, underscores) and does not contain shell metacharacters like `$(`, `)`, `;`, `&`, `\|`, `<`, `>`, etc. Alternatively, use a safer method to pass arguments that prevents shell interpretation, if available. | LLM | scripts/mount_pod.sh:39 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/andrewharp/runpod/SKILL.md:24 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/andrewharp/runpod/scripts/mount_pod.sh:4 |
| MEDIUM | **Reduced SSH Host Key Security (StrictHostKeyChecking=accept-new).** The `sshfs` command is configured with `StrictHostKeyChecking=accept-new`. This setting automatically adds new host keys to `~/.runpod/ssh/known_hosts` without user confirmation. While this improves usability for ephemeral cloud instances, it significantly reduces security by making the system vulnerable to Man-in-the-Middle (MITM) attacks during the first connection to a new host. An attacker could impersonate a RunPod instance and trick the client into connecting to their malicious server, potentially capturing credentials or injecting malicious code. Consider using `StrictHostKeyChecking=yes` and `UpdateHostKeys=yes` (if supported by the SSH client version) to automatically update keys for *known* hosts, but require manual confirmation for *new* hosts. Alternatively, implement a mechanism to pre-populate or verify host keys out-of-band. | LLM | scripts/mount_pod.sh:52 |
| MEDIUM | **Unpinned dependency for `runpodctl`.** The `SKILL.md` instructs users to install `runpodctl` using `brew install runpod/runpodctl/runpodctl` without specifying a version. This means that any future installation will fetch the latest version available in the Homebrew tap. If a malicious or vulnerable version of `runpodctl` is released, users could unknowingly install it, leading to a supply chain compromise. Specify a pinned version for `runpodctl` during installation (e.g., `brew install runpod/runpodctl/runpodctl@X.Y.Z`) or provide instructions for verifying the integrity of the installed tool. | LLM | SKILL.md:8 |
Full report: https://skillshield.io/report/62d862181e36cd52