Trust Assessment
switchbot-openapi received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 4 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Shell Command Injection via JSON Body, Shell Command Injection via URL Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 64/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/switchbot-dev/switchbot-cloudapi/scripts/switchbot_cli.js:165 | |
| HIGH | Shell Command Injection via JSON Body The `scripts/send_command.sh` script constructs a JSON payload by directly embedding user-provided arguments (`COMMAND` and `PARAMETER`) into a double-quoted string for the `curl -d` option. If `COMMAND` or `PARAMETER` contain unescaped double quotes or backslashes, an attacker could inject arbitrary JSON fields, manipulate the command sent to the API, or potentially break out of the JSON string to execute arbitrary shell commands. Avoid direct string concatenation for JSON payloads in shell scripts. Instead, use a tool like `jq` to safely construct JSON objects from variables (e.g., `jq -n --arg cmd "$COMMAND" --arg param "$PARAMETER" '{"command": $cmd, "parameter": $param, "commandType": "command"}'`). Alternatively, rewrite the script in a language like Node.js or Python that provides safe JSON serialization functions (e.g., `JSON.stringify()` in Node.js). | LLM | scripts/send_command.sh:12 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/switchbot-dev/switchbot-cloudapi/scripts/switchbot_cli.js:122 | |
| MEDIUM | Shell Command Injection via URL Path The scripts `scripts/get_status.sh`, `scripts/send_command.sh`, and `scripts/execute_scene.sh` embed user-provided arguments (`DEVICE_ID` or `SCENE_ID`) directly into the URL path within a `curl` command. While `curl` typically handles URL encoding for path segments, if the input contains shell metacharacters (e.g., backticks, dollar signs, semicolons) that are not properly escaped by the shell or `curl`, it could lead to command injection. For example, an input like `$(malicious_command)` could execute arbitrary code. Ensure all user-supplied arguments used in shell commands are properly escaped to prevent shell metacharacter interpretation. For URL paths, consider using a dedicated URL encoding utility or rewriting the script in a language that provides robust URL construction and escaping (e.g., Node.js `URL` class or Python `urllib.parse.quote`). | LLM | scripts/get_status.sh:10 | |
| MEDIUM | Shell Command Injection via URL Path The scripts `scripts/get_status.sh`, `scripts/send_command.sh`, and `scripts/execute_scene.sh` embed user-provided arguments (`DEVICE_ID` or `SCENE_ID`) directly into the URL path within a `curl` command. While `curl` typically handles URL encoding for path segments, if the input contains shell metacharacters (e.g., backticks, dollar signs, semicolons) that are not properly escaped by the shell or `curl`, it could lead to command injection. For example, an input like `$(malicious_command)` could execute arbitrary code. Ensure all user-supplied arguments used in shell commands are properly escaped to prevent shell metacharacter interpretation. For URL paths, consider using a dedicated URL encoding utility or rewriting the script in a language that provides robust URL construction and escaping (e.g., Node.js `URL` class or Python `urllib.parse.quote`). | LLM | scripts/send_command.sh:12 | |
| MEDIUM | Shell Command Injection via URL Path The scripts `scripts/get_status.sh`, `scripts/send_command.sh`, and `scripts/execute_scene.sh` embed user-provided arguments (`DEVICE_ID` or `SCENE_ID`) directly into the URL path within a `curl` command. While `curl` typically handles URL encoding for path segments, if the input contains shell metacharacters (e.g., backticks, dollar signs, semicolons) that are not properly escaped by the shell or `curl`, it could lead to command injection. For example, an input like `$(malicious_command)` could execute arbitrary code. Ensure all user-supplied arguments used in shell commands are properly escaped to prevent shell metacharacter interpretation. For URL paths, consider using a dedicated URL encoding utility or rewriting the script in a language that provides robust URL construction and escaping (e.g., Node.js `URL` class or Python `urllib.parse.quote`). | LLM | scripts/execute_scene.sh:9 |
Scan History
Embed Code
[](https://skillshield.io/report/725e8be8ae1d98e3)
Powered by SkillShield