Trust Assessment
agent-money-tracker received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Broad Filesystem Access for Sensitive Data Storage, Explicit Data Export and Backup Functions, Unpinned Dependency in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Broad Filesystem Access for Sensitive Data Storage.** The skill allows specifying an arbitrary filesystem path for data storage via `clawhub.initialize(path)` and the `CLAWHUB_DATA_PATH` environment variable. This grants the skill broad read/write access to the filesystem. A compromised AI agent could be manipulated to store sensitive financial data in insecure or publicly accessible locations, overwrite critical system files, or be directed to read/write from arbitrary paths, leading to data leakage or system integrity issues. Restrict the allowed paths for data storage to a predefined, secure directory (e.g., within the agent's sandbox or a dedicated data directory). Implement robust input validation and sanitization for any user-provided paths to prevent directory traversal or arbitrary file access. Consider using a virtual filesystem or sandboxing mechanisms if the skill is intended for untrusted environments. | LLM | SKILL.md:28 |
| HIGH | **Explicit Data Export and Backup Functions.** The skill provides `exportData()` and `backup()` methods that explicitly export all financial data as JSON or create a timestamped backup. While these are intended features for data management, they represent direct vectors for data exfiltration if the AI agent using this skill is compromised. An attacker could instruct the agent to call these methods and then retrieve the exported sensitive financial information. Implement strong access controls and user consent mechanisms before allowing an agent to call `exportData()` or `backup()`. Ensure that exported data is encrypted at rest and in transit. Consider adding an explicit confirmation step or requiring specific permissions from the user before sensitive data is exported or backed up. | LLM | SKILL.md:136 |
| MEDIUM | **Unpinned Dependency in Installation Instructions.** The installation instruction `npm install agent-money-tracker` does not specify a version for the `agent-money-tracker` package. This means that `npm` will install the latest available version, which could introduce breaking changes, new vulnerabilities, or even malicious code if the package maintainer's account is compromised. This poses a supply chain risk as the skill's behavior and security posture could change unexpectedly. Always pin dependencies to a specific version (e.g., `npm install agent-money-tracker@1.2.3`) or use a lock file (`package-lock.json`) to ensure deterministic builds and mitigate risks from unexpected updates. Regularly review and update dependencies. | LLM | SKILL.md:17 |