Trust Assessment
solo-cli received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Unofficial Homebrew Tap for Installation, Arbitrary File Upload Capability, and Arbitrary Configuration File Loading.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Upload Capability: The `solo-cli upload <file>` command allows the tool to read and upload any specified file from the local filesystem. If the AI agent is prompted by a malicious user to upload an arbitrary file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), this could lead to data exfiltration or unauthorized access. The skill description does not specify any restrictions on the file path or type beyond 'PDF or image'. The AI agent should be strictly instructed to only use predefined or user-confirmed safe file paths for uploads. Implement robust input validation and sanitization for any file paths provided by the user. Consider restricting the agent's ability to upload files to a specific, isolated directory. | LLM | SKILL.md:33 |
| HIGH | Arbitrary Configuration File Loading: The `solo-cli --config <path>` (or `-c <path>`) option allows specifying an arbitrary path for the configuration file. If the AI agent is prompted by a malicious user to use a user-controlled path, it could lead to the tool loading a malicious configuration, potentially altering its behavior, exposing sensitive data, or executing unintended commands. The AI agent should be strictly instructed to only use predefined or whitelisted configuration file paths. Implement robust input validation and sanitization for any config paths provided by the user. | LLM | SKILL.md:69 |
| MEDIUM | Unofficial Homebrew Tap for Installation: The skill instructs users to install `solo-cli` from a personal Homebrew tap (`rursache/tap/solo-cli`). Personal taps are not subject to the same security vetting as official Homebrew formulae or major package repositories. This introduces a supply chain risk, as a compromise of the tap maintainer's account or the tap itself could lead to the distribution of malicious software. Recommend using an officially vetted package source, or if a personal tap is necessary, advise users to verify the integrity of the package. For the LLM, ensure it understands this is an installation instruction for the user, not a command to execute. | LLM | SKILL.md:10 |
| MEDIUM | Exposure of Sensitive Configuration File Paths: The skill explicitly mentions the paths to sensitive files: `~/.config/solo-cli/config.json` (containing username/password) and `~/.config/solo-cli/cookies.json` (containing session cookies). While the `solo-cli` tool itself doesn't expose these via its commands, a malicious prompt to the LLM could instruct it to read and exfiltrate the contents of these files using general system commands (e.g., `cat`). The explicit mention of these paths makes them known targets. The AI agent should be strictly forbidden from accessing or displaying the contents of these sensitive configuration files. Implement a policy that prevents the agent from executing commands like `cat`, `less`, `more`, `head`, `tail` on these specific paths. | LLM | SKILL.md:14 |