Trust Assessment
spotify-cli received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints; missing required field `name`; unspecified source for an executable script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | HTTP request to raw IP address. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/shawnpana/spotify-cli/SKILL.md:24 |
| CRITICAL | Network egress to untrusted endpoints | HTTP request to raw IP address. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/shawnpana/spotify-cli/SKILL.md:34 |
| CRITICAL | Unspecified source for executable script | The installation instructions require copying an executable file named `spotify` to `/usr/local/bin` with root privileges (`sudo cp spotify /usr/local/bin/spotify`). However, the source or content of this `spotify` file is not provided within the skill package context. This poses a critical supply chain risk, as a user might download a malicious script from an untrusted source and install it with elevated permissions, leading to system compromise. | The `spotify` script must be included within the skill package, or a clear, trusted source (e.g., a specific URL with checksums) must be provided. The script's content should also be analyzed for further security vulnerabilities. | LLM | SKILL.md:39 |
| HIGH | Potential command injection via user-supplied arguments | The skill describes a CLI tool (`spotify`) that takes user-supplied strings as arguments for commands like `search` and `play` (e.g., `spotify search "query"`, `spotify play "song name"`). If the underlying `spotify` script does not properly sanitize or escape these arguments before using them in shell commands or system calls, a malicious user could inject arbitrary shell commands. For example, `spotify play "song name; rm -rf /"` could lead to severe system compromise. Since the `spotify` script itself is not provided, this is a potential vulnerability based on the described interface. | The `spotify` script must rigorously sanitize and escape all user-supplied input before passing it to any shell commands or system calls. It is recommended to use libraries designed for safe subprocess execution (e.g., Python's `subprocess` module with `shell=False` and passing arguments as a list). | LLM | SKILL.md:50 |
| MEDIUM | Missing required field: name | The `name` field is required for claude_code skills but is missing from the frontmatter. | Add a `name` field to the SKILL.md frontmatter. | Static | skills/shawnpana/spotify-cli/SKILL.md:1 |
Full report: https://skillshield.io/report/d61bf4497caa9ba2