Trust Assessment
windows-remote received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 2 critical, 2 high, 7 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: SSH key/config, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 43/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **File read + network send exfiltration.** SSH key/config file access. Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/dongsjoa-byte/windows-remote/SKILL.md:111 |
| CRITICAL | **Remote Command Injection via win-exec.sh.** The `win-exec.sh` script directly passes the first argument (`$1`, representing the command) to the `ssh` command for execution on the remote Windows machine. This allows for arbitrary command injection if untrusted input is provided as the command argument. An attacker could execute malicious commands on the remote system by crafting the input to `win-exec.sh`. Implement robust input sanitization for the command argument before passing it to `win-exec.sh`. If arbitrary command execution is intended, the LLM calling this skill must be explicitly instructed to sanitize or validate user input. Consider using a more constrained remote execution mechanism if possible, or ensure the remote environment is sandboxed. | LLM | scripts/win-exec.sh:30 |
| HIGH | **Sensitive path access: SSH key/config.** Access to SSH key/config path detected: '~/.ssh/authorized_keys'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/dongsjoa-byte/windows-remote/SKILL.md:111 |
| HIGH | **SSH Host Key Verification Disabled.** All SSH/SCP scripts (`win-download.sh`, `win-exec.sh`, `win-upload.sh`) disable `StrictHostKeyChecking` by setting it to `no`. This bypasses host authenticity verification, making the connections vulnerable to Man-in-the-Middle (MITM) attacks. An attacker could impersonate the remote host and intercept or alter data, or gain unauthorized access. Remove `-o "StrictHostKeyChecking=no"`. Instead, ensure that the remote host's public key is properly managed in the `~/.ssh/known_hosts` file. For automated environments, consider pre-populating `known_hosts` or using `HashKnownHosts yes` with `UpdateHostKeys yes` if appropriate for the security model. | LLM | scripts/win-download.sh:22 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dongsjoa-byte/windows-remote/scripts/win-download.sh:10 |
| MEDIUM | **Sensitive environment variable access: $USER.** Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dongsjoa-byte/windows-remote/scripts/win-download.sh:31 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dongsjoa-byte/windows-remote/scripts/win-exec.sh:11 |
| MEDIUM | **Sensitive environment variable access: $USER.** Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dongsjoa-byte/windows-remote/scripts/win-exec.sh:35 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dongsjoa-byte/windows-remote/scripts/win-upload.sh:10 |
| MEDIUM | **Sensitive environment variable access: $USER.** Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/dongsjoa-byte/windows-remote/scripts/win-upload.sh:31 |
| MEDIUM | **File Transfer Abuse and Remote Path Injection via SCP.** The `win-upload.sh` and `win-download.sh` scripts facilitate file transfers to and from a remote Windows machine. While this is the intended functionality, it presents a risk of data exfiltration (downloading sensitive remote files) or data ingress (uploading malicious files). Additionally, the remote path argument in `scp` (e.g., `"${USER}@${HOST}:${REMOTE}"`) could potentially be interpreted by the remote shell on the Windows machine if it contains shell metacharacters, leading to remote command execution or unintended file operations. Implement strict validation and sanitization for both local and remote file paths provided by untrusted sources. Ensure paths do not contain shell metacharacters. Consider using `sftp` with explicit path handling rather than `scp` for more robust file transfer security, especially when dealing with untrusted remote paths. The LLM calling this skill must be aware of the sensitive nature of file transfer operations and validate user requests carefully. | LLM | scripts/win-upload.sh:30 |