lmstudio-cli

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides tools and instructions for managing LM Studio instances via CLI and HTTP APIs. No malicious patterns such as credential theft, persistence, or data exfiltration were detected. The operations are restricted to the intended purpose of model management and endpoint verification.\n- [SAFE]: The Python helper script scripts/check_lmstudio_endpoint.py explicitly disables SSL certificate verification (ssl.CERT_NONE). While this is a security best practice violation that could expose connections to man-in-the-middle attacks, it is a common configuration for interacting with local development servers and self-signed certificates in private environments.\n- [SAFE]: The skill performs network operations using curl and Python's urllib to interact with user-specified hosts and ports. This is essential for its documented purpose of verifying and managing LM Studio servers.\n- [SAFE]: Indirect Prompt Injection Surface Analysis:\n
  • Ingestion points: The skill reads JSON data from LM Studio's /v1/models and /v1/chat/completions endpoints via curl and scripts/check_lmstudio_endpoint.py.\n
  • Boundary markers: No explicit delimiters or instructions are used to separate API data from agent instructions.\n
  • Capability inventory: The agent has access to Bash (for running CLI tools), Write, and WebFetch tools.\n
  • Sanitization: The skill treats API responses as structured JSON data, which inherently limits the execution of embedded natural language instructions compared to free-text processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — lmstudio-cli