Trust Assessment
todo-tracker received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Regular Expression Denial of Service (ReDoS) via user input in grep and sed, and arbitrary file read/write via the TODO_FILE environment variable.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Regular Expression Denial of Service (ReDoS) via user input in grep and sed: the `mark_done` and `remove_item` functions in `scripts/todo.sh` use the user-provided `<item-pattern>` directly within regular expressions for `grep` and `sed` commands. A malicious user could craft a complex, backtracking-heavy regular expression (e.g., `(a+)+b`) which, when processed by `grep` or `sed`, could consume excessive CPU resources, leading to a denial of service for the agent or the system running the script. Sanitize user-provided patterns before using them in regular expressions, or use tools that do not interpret the input as a full regular expression (e.g., `fgrep` for fixed strings). If a regex is required, implement timeouts or use a regex engine with better performance guarantees against ReDoS. For simple substring matching, consider using `grep -F` or `awk`'s `index()` function. | Unknown | scripts/todo.sh:80 |
| MEDIUM | Arbitrary file read/write via the TODO_FILE environment variable: the `TODO_FILE` variable is initialized from the environment (`TODO_FILE="${TODO_FILE:-TODO.md}"`). If an attacker can control the environment variables passed to the script, they could set `TODO_FILE` to an arbitrary file path (e.g., `/etc/passwd`, `/var/log/auth.log`). The `list_items` function then uses `cat "$TODO_FILE"` to display the file's contents, allowing for data exfiltration. Other functions could also overwrite or modify arbitrary files, leading to data corruption or further compromise. Do not allow `TODO_FILE` to be set by an environment variable if the script is intended to operate only on a specific, fixed file. If dynamic file paths are necessary, strictly validate the path to ensure it is within an allowed directory (e.g., a dedicated data directory for the skill) and does not contain path traversal sequences (`../`). | Unknown | scripts/todo.sh:10 |
Scan History
Full report: https://skillshield.io/report/88936f983b15c251
Powered by SkillShield