Trust Assessment
vast-ai received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Unpinned npm dependency version", and "Potential Command Injection via LLM-constructed Shell Command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via LLM-constructed Shell Command. The skill's `SKILL.md` defines a CLI execution pattern where the LLM constructs a shell command using user-provided parameters. If the LLM directly interpolates unsanitized user input into the `[params]` section of the command `node /Users/sschepis/Development/vast-ai/dist/cli.js <action> [params]`, a malicious user could inject arbitrary shell commands. For example, if a user provides `--gpu 'RTX 4090' --price 0.5; rm -rf / #` as input for the GPU parameter, and the LLM constructs the command without proper escaping, it could lead to arbitrary code execution on the host system. Instruct the LLM to strictly sanitize or shell-escape all user-provided arguments before constructing and executing the `node` command. Ensure that all parameters are properly quoted to prevent shell metacharacter interpretation. For example, use a robust shell escaping function for each parameter. | LLM | SKILL.md:30 |
| HIGH | Exposure of Sensitive SSH Connection Details. The `connect` capability of the skill, implemented in `src/VastClient.ts` and exposed via `src/adapter.ts`, returns a complete SSH connection string (e.g., `ssh -p <port> root@<host>`). While this is the intended functionality, SSH credentials provide direct access to the rented GPU instance. If the LLM's output is compromised, or if the LLM is tricked into logging or sharing this information inappropriately, it could lead to unauthorized access to the user's GPU instance. Instruct the LLM to handle SSH connection strings with extreme care. It should only display this information directly to the requesting user and explicitly avoid logging, storing, or sharing it with other agents or users. Consider implementing a user confirmation step before revealing the SSH string to ensure the user explicitly intends to receive it. | LLM | src/VastClient.ts:80 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sschepis/vast-ai/SKILL.md:1 |
| MEDIUM | Unpinned npm dependency version. Dependency 'axios' is not pinned to an exact version ('^1.13.4'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/sschepis/vast-ai/package.json |