Trust Assessment
visla received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Sensitive environment variable access: $USER".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Potential data exfiltration: file read + network send | Function 'upload_to_s3' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/visla-admin/visla/scripts/visla_cli.py:269 |
| HIGH | Potential Command Injection via Sourced Credentials File | The skill's documentation (`SKILL.md`), which is treated as untrusted content, instructs the AI agent to execute `source ~/.config/visla/.credentials`. The `source` command executes arbitrary shell commands found within the specified file. If an attacker could compromise or manipulate the content of `~/.config/visla/.credentials` (e.g., through a separate vulnerability or social engineering), this would lead to arbitrary code execution within the agent's environment. While the skill itself does not provide a direct mechanism to write to this file, relying on `source` for configuration loading is a high-risk practice as it assumes the integrity of a user-managed file. Avoid using `source` for loading credentials from user-managed files. Instead, parse the credentials file using a safer method (e.g., the `load_credentials_from_file` function already present in `scripts/visla_cli.py`) or rely solely on environment variables that are set by the user or system in a more controlled manner. If `source` is deemed absolutely necessary, implement strict file permissions (e.g., root-owned, not writable by others) and integrity checks. | LLM | SKILL.md:47 |
| MEDIUM | Suspicious import: requests | Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/visla-admin/visla/scripts/visla_cli.py:48 |
| MEDIUM | Sensitive environment variable access: $USER | Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/visla-admin/visla/scripts/visla_cli.sh:169 |
| LOW | Unpinned Python Dependency | The Python script `scripts/visla_cli.py` imports the `requests` library without specifying a version. This can lead to supply chain vulnerabilities if a future version of `requests` or its transitive dependencies introduces malicious code or breaking changes. It also makes builds less reproducible across different environments or over time. Pin the `requests` dependency to a specific version (e.g., `requests==2.28.1`) in a `requirements.txt` file and ensure it's installed before running the script. Consider using a dependency management tool like Poetry or Pipenv to manage dependencies more robustly. | LLM | scripts/visla_cli.py:30 |