Trust Assessment
spotify-applescript received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. The key findings are: AppleScript Command Injection via 'play' command; AppleScript Command Injection via 'volume' command; and Risky installation method for a vulnerable script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | AppleScript Command Injection via 'play' command: The `spotify.sh` script directly interpolates user-provided input (`$uri`) into an `osascript` command without proper sanitization or escaping. An attacker can inject arbitrary AppleScript commands, including `do shell script` to execute shell commands, by crafting a malicious URI. For example, a URI like `spotify:track:123" & do shell script "rm -rf /" & "` would lead to arbitrary code execution. Sanitize or properly escape the `$uri` variable before interpolating it into the `osascript` command. A common approach is to use `quoted form of` in AppleScript or to strictly validate the input format to ensure it only contains valid URI characters and does not contain quotes or other AppleScript control characters. | LLM | spotify.sh:30 |
| HIGH | AppleScript Command Injection via 'volume' command: The `spotify.sh` script directly interpolates user-provided input (`$2` for volume level) into an `osascript` command without proper sanitization. While AppleScript's `set sound volume to` expects an integer, a malicious user could attempt to inject AppleScript commands by providing a specially crafted string, potentially leading to an AppleScript error or, in some contexts, unexpected behavior. Although direct shell execution might be harder here due to type coercion, it is still a direct interpolation of untrusted input. Validate that the `$2` variable is a numeric integer between 0 and 100 before interpolating it into the `osascript` command. Alternatively, use `quoted form of` if the input were a string, but for an integer, strict validation is more appropriate. | LLM | spotify.sh:60 |
| HIGH | Risky installation method for a vulnerable script: The `SKILL.md` documentation suggests installing the `spotify.sh` script system-wide using `sudo ln -sf {baseDir}/spotify.sh /usr/local/bin/spotify`. Given the command injection vulnerabilities identified in `spotify.sh`, making this script globally accessible and encouraging installation with `sudo` significantly escalates the potential impact of an exploit. A compromised script in `/usr/local/bin` could be invoked by any user or process, leading to system-wide compromise if the injection allows for privilege escalation or arbitrary code execution. Reconsider the installation method. If the script must be globally available, ensure it is thoroughly hardened against all forms of injection. For scripts with known vulnerabilities, avoid system-wide installation, especially with `sudo`. Consider running the script with least privileges or within a sandboxed environment. If `sudo` is absolutely necessary for installation, ensure the script itself is not executable with `sudo` by default, and that any execution is done by a non-privileged user. | LLM | SKILL.md:150 |
[Full report on SkillShield](https://skillshield.io/report/7a6aa7c6fd3da77a)