Trust Assessment
stremio-cast received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Arbitrary command execution", "Dangerous call: subprocess.Popen()", and "Insecure Playwright Browser Launch Configuration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Remediation: Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/pedro-valentim/stremio-cast/scripts/stremio_cast.py:62 |
| CRITICAL | **Insecure Playwright Browser Launch Configuration.** The Playwright browser is launched with `--ignore-certificate-errors`, `--no-sandbox`, and `--disable-setuid-sandbox` flags. The `--ignore-certificate-errors` flag disables critical TLS/SSL security checks, making the browser vulnerable to Man-in-the-Middle (MITM) attacks. An attacker could intercept traffic to `app.strem.io` or `stremio.rocks`, serve a fake certificate, and inject malicious content, potentially leading to data exfiltration or credential harvesting. The `--no-sandbox` and `--disable-setuid-sandbox` flags disable the browser's security sandbox, which is designed to isolate web content from the host system. If a vulnerability (e.g., XSS) exists in the Stremio web application or any loaded third-party content, an attacker could exploit it to execute arbitrary code on the host system, bypassing browser security mechanisms. This significantly increases the risk of command injection or system compromise. Remediation: Remove `--ignore-certificate-errors`, `--no-sandbox`, and `--disable-setuid-sandbox` from the Playwright launch arguments. Ensure the environment where Stremio is running has valid certificates and that the browser can operate within its security sandbox. If Stremio requires specific certificate handling, consider using a more secure method than globally ignoring errors. | LLM | scripts/stremio_cast.py:20 |
| HIGH | **Dangerous call: subprocess.Popen().** Call to 'subprocess.Popen()' detected in function 'cast_stremio'. This can execute arbitrary code. Remediation: Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/pedro-valentim/stremio-cast/scripts/stremio_cast.py:62 |
| HIGH | **Unpinned External Dependencies.** The `SKILL.md` mentions that `Playwright` and `CATT (Cast All The Things)` must be installed via pip, but does not specify exact versions. This lack of version pinning (e.g., in a `requirements.txt` file) introduces a supply chain risk. A malicious update to either `playwright` or `catt` could introduce vulnerabilities, backdoors, or breaking changes that compromise the skill or the host system. Remediation: Specify exact versions for all external dependencies (e.g., `playwright==1.30.0`, `catt==0.12.0`) in a `requirements.txt` file. Use a dependency management tool to ensure consistent and secure installations. | LLM | SKILL.md:14 |
| MEDIUM | **Potential Sensitive Data Exposure via Logging.** The script prints the `stream_url` to standard output: `print(f"[Moltbot] URL de stream encontrada: {stream_url}")`. Depending on how the Stremio server generates these URLs, they might contain sensitive information such as session tokens, user IDs, or other private data. If the skill's logs are accessible to unauthorized parties, this could lead to unintended data exposure. Remediation: Review the content of `stream_url` to determine if it contains sensitive information. If it does, avoid printing it to standard output or ensure that logging mechanisms are secure and restrict access to logs. Consider redacting sensitive parts of the URL before logging. | LLM | scripts/stremio_cast.py:30 |
| LOW | **Hardcoded Third-Party URL.** The `stremio_url` is hardcoded to `https://app.strem.io/shell-v4.4/?streamingServer=https%3A%2F%2F192-168-15-162.519b6502d940.stremio.rocks%3A12470#/`. While `app.strem.io` is the official Stremio web app, the `streamingServer` parameter points to a specific `stremio.rocks` subdomain with an IP address. If this specific subdomain or the `stremio.rocks` service were compromised, the skill would direct the browser to a potentially malicious server. This risk is amplified by the `--ignore-certificate-errors` flag (already flagged as CRITICAL). Remediation: Consider making the `streamingServer` URL configurable, perhaps as an environment variable or skill parameter, to allow users to point to a trusted or self-hosted Stremio instance. Regularly verify the integrity and security of third-party services. | LLM | scripts/stremio_cast.py:14 |