Trust Assessment
todo-tracker received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Regular Expression Denial of Service (ReDoS) via user input in grep and sed, Arbitrary file read/write via TODO_FILE environment variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Regular Expression Denial of Service (ReDoS) via user input in grep and sed | Static | scripts/todo.sh:80 |
| MEDIUM | Arbitrary file read/write via TODO_FILE environment variable | Static | scripts/todo.sh:10 |

Regular Expression Denial of Service (ReDoS) via user input in grep and sed (Static, scripts/todo.sh:80)
The `mark_done` and `remove_item` functions in `scripts/todo.sh` pass the user-provided `<item-pattern>` straight into the regular expressions given to `grep` and `sed`. A caller can therefore supply a backtracking-heavy expression such as `(a+)+b` which, on a backtracking engine, consumes excessive CPU and denies service to the agent or the host running the script. How far this goes depends on the engine: GNU grep and sed are not backtracking matchers for patterns without backreferences, so `(a+)+b` costs far less there than in PCRE-style engines, but an unescaped pattern still changes which lines match (a `.` or `*` in the item text matches far more than the user intended), and because the pattern is interpolated into a sed expression the delimiter character and newlines must be rejected or escaped as well. Remediation: treat the pattern as a literal string. `grep -F` (the current spelling of the deprecated `fgrep`) does this for grep; `sed` has no fixed-string mode, so escape the BRE metacharacters and the delimiter before interpolating, or do the substring test with `awk`'s `index()`. If a real regular expression is required, run it under a timeout.

Arbitrary file read/write via TODO_FILE environment variable (Static, scripts/todo.sh:10)
`TODO_FILE` is taken from the environment (`TODO_FILE="${TODO_FILE:-TODO.md}"`). Anyone who controls the environment of the script can point it at an arbitrary path such as `/etc/passwd` or `/var/log/auth.log`; `list_items` then runs `cat "$TODO_FILE"` and returns that file's contents to the agent, and the functions that edit the list write to the same path, so any file the script's user can reach may be corrupted or overwritten. For an agent skill the exposure depends on who can set variables for the subprocess: the host runtime, or an instruction the agent was tricked into following. Remediation: if the skill is meant to operate on one fixed file, do not read the path from the environment at all. If the path must be configurable, canonicalise it (resolve `..` and symlinks) and require the result to lie inside a dedicated data directory for the skill; checking only for `../` substrings is not enough, because a symlink inside the directory can still point outside it.
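The following added example shows both remediations together in shell. It is not todo-tracker's own code: the function names, the `TODO_DIR` allow-list directory and the `- [ ] item` line format are assumptions made for illustration. `resolve_todo_file` canonicalises `TODO_FILE` and rejects anything outside `TODO_DIR`, and `mark_done`/`remove_item` treat the item pattern as a literal string, using `grep -F` where grep is involved and a BRE-escaping helper where sed is.

```shell
#!/bin/sh
# Added example (not todo-tracker's code): hardened helpers for the two
# findings above. TODO_DIR, the "- [ ] text" item format and the function
# names are assumptions for illustration. realpath -m and sed -i are GNU
# coreutils / GNU sed syntax.
set -eu

# Allow-listed directory for TODO_FILE; defaults to the working directory.
TODO_DIR="${TODO_DIR:-$PWD}"

# Finding 2: accept TODO_FILE only if its canonical path lies inside TODO_DIR.
# realpath -m normalises ".." and follows symlinks even when the final file
# does not exist yet, so "dir/../../etc/passwd" and a symlink placed inside
# the directory are both caught. Prints the canonical path on success.
resolve_todo_file() {
  requested=$1
  base=$(realpath -m -- "$TODO_DIR")
  real=$(realpath -m -- "$requested")
  case $real in
    "$base"/*) printf '%s\n' "$real" ;;
    *) printf 'refusing TODO_FILE outside %s: %s\n' "$base" "$requested" >&2
       return 1 ;;
  esac
}

# Finding 1: treat <item-pattern> as a literal string. grep has -F for that;
# sed has no fixed-string mode, so escape every character that is special in
# a POSIX basic regular expression plus "/" (the delimiter used below).
# "+ ? ( ) { } |" are literal in a BRE and must not be escaped.
escape_bre() {
  printf '%s' "$1" | sed 's,[].*^$/[\\],\\&,g'
}

# A newline would end the sed command and let the rest of the pattern be
# parsed as further sed commands; an empty pattern would match everything.
check_pattern() {
  nl=$(printf '\nx'); nl=${nl%x}
  case $1 in
    *"$nl"*) printf 'pattern must not contain a newline\n' >&2; return 1 ;;
    '')      printf 'pattern must not be empty\n' >&2; return 1 ;;
  esac
}

# find_item FILE PATTERN: print "N:line" for lines containing PATTERN literally.
find_item() {
  grep -n -F -- "$2" "$1"
}

# mark_done FILE PATTERN: tick the checkbox on lines containing PATTERN.
mark_done() {
  check_pattern "$2" || return 1
  esc=$(escape_bre "$2")
  sed -i -e "/$esc/s/^- \\[ \\]/- [x]/" "$1"
}

# remove_item FILE PATTERN: delete lines containing PATTERN literally.
remove_item() {
  check_pattern "$2" || return 1
  esc=$(escape_bre "$2")
  sed -i -e "/$esc/d" "$1"
}

# Demo on a constructed TODO.md in a temporary directory.
demo() {
  dir=$(mktemp -d)
  TODO_DIR=$dir
  printf '%s\n' '- [ ] buy milk' '- [ ] fix (a+)+b regression' '- [ ] call bank' > "$dir/TODO.md"
  file=$(resolve_todo_file "${TODO_FILE:-$dir/TODO.md}")
  mark_done "$file" 'milk'
  remove_item "$file" '(a+)+b'          # taken literally, not as a regex
  cat "$file"
  resolve_todo_file /etc/passwd || true  # rejected with a message on stderr
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh hardened_todo.sh demo` (the file name is arbitrary) to see the item matched literally and the `/etc/passwd` path refused. On macOS, BSD `realpath` lacks `-m` and `sed -i` needs an explicit backup suffix, so use the GNU versions from coreutils and gnu-sed there.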
Full report: https://skillshield.io/report/88936f983b15c251