Trust Assessment
wled received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Suspicious import: urllib.request", "Server-Side Request Forgery (SSRF) via unvalidated host parameter", and "Potential Prompt Injection via unsanitized WLED device metadata".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Server-Side Request Forgery (SSRF) via unvalidated host parameter | The `wled_request` function constructs a URL using the user-provided `host` parameter directly in an f-string (e.g., `url = f"http://{host}/{endpoint}"`). This allows an attacker to supply an arbitrary IP address or hostname, causing the agent to make requests to internal network services or other arbitrary external hosts. This could lead to information disclosure, interaction with unintended services, or port scanning of internal networks, depending on the agent's execution environment and network access. Implement strict validation for the `host` parameter. This could involve whitelisting known WLED device IPs/hostnames, or validating that the host is a private IP address (if only local devices are intended) and not a public IP or a hostname that resolves to one. Additionally, consider network segmentation or firewall rules to restrict outbound connections from the agent's execution environment. | LLM | scripts/wled.py:20 |
| MEDIUM | Suspicious import: urllib.request | Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/rowbotik/wled/scripts/wled.py:9 |
| MEDIUM | Potential Prompt Injection via unsanitized WLED device metadata | The skill retrieves and prints various metadata from the WLED device, such as device name, effect names, and palette names. If a WLED device is compromised or intentionally configured with malicious strings (e.g., containing instructions like 'ignore previous instructions' or markdown formatting), these unsanitized strings could be fed back to the host LLM. This could lead to prompt injection, where the LLM's behavior is manipulated by the device's output. Sanitize all output originating from the WLED device before it is returned to the host LLM. This could involve stripping markdown, HTML, or specific keywords, or encoding the output to prevent it from being interpreted as instructions or formatting by the LLM. | LLM | scripts/wled.py:120 |