Trust Assessment
tautulli received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unsanitized user input leads to `curl` command injection, API Key exposed in URL query parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/rjmurillo/tautulli/SKILL.md:9 | |
| CRITICAL | Unsanitized user input leads to `curl` command injection The `limit` variable, which is derived directly from user input (`$1`), is interpolated into a double-quoted string that forms the `curl` command's URL argument. A malicious user can inject shell metacharacters, specifically a double quote (`"`), to break out of the URL string and inject arbitrary `curl` command-line options. For example, providing `10" --output /tmp/malicious_file #` as input would cause `curl` to write the API response to `/tmp/malicious_file` on the agent's filesystem, leading to an arbitrary file write vulnerability. This could be used for data exfiltration (if the API response contains sensitive data) or to disrupt the agent's operation. Validate and sanitize user input (`$1`) to ensure it is a positive integer before using it in the `curl` command. A simple check like `[[ "$limit" =~ ^[0-9]+$ ]] && (( limit > 0 ))` followed by an error exit if invalid, would prevent this. | LLM | scripts/history.sh:7 | |
| CRITICAL | Unsanitized user input leads to `curl` command injection The `limit` variable, which is derived directly from user input (`$1`), is interpolated into a double-quoted string that forms the `curl` command's URL argument. A malicious user can inject shell metacharacters, specifically a double quote (`"`), to break out of the URL string and inject arbitrary `curl` command-line options. For example, providing `10" --output /tmp/malicious_file #` as input would cause `curl` to write the API response to `/tmp/malicious_file` on the agent's filesystem, leading to an arbitrary file write vulnerability. This could be used for data exfiltration (if the API response contains sensitive data) or to disrupt the agent's operation. Validate and sanitize user input (`$1`) to ensure it is a positive integer before using it in the `curl` command. A simple check like `[[ "$limit" =~ ^[0-9]+$ ]] && (( limit > 0 ))` followed by an error exit if invalid, would prevent this. | LLM | scripts/recent.sh:7 | |
| MEDIUM | API Key exposed in URL query parameters The `TAUTULLI_API_KEY` is included directly in the URL query string for all API calls. While this is a common pattern for the Tautulli API, it exposes the API key in server logs, browser history, and potentially to network intermediaries if HTTPS is not enforced or if logs are compromised. This is generally less secure than transmitting credentials via HTTP headers or POST bodies. If possible, configure Tautulli to accept API keys via HTTP headers (e.g., `X-Api-Key`) or POST body. Ensure `TAUTULLI_URL` always uses HTTPS. If the Tautulli API only supports URL parameters, ensure the Tautulli server is secured and its logs are protected. | LLM | scripts/activity.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/1ba4c147579ce29e)
Powered by SkillShield