Trust Assessment
cron-creator received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 4 high, 0 medium, and 0 low severity. Key findings include Sensitive path access: AI agent config, Unpinned remote script execution via `curl | bash`, Skill granted `tools.exec.host` with user input to command construction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned remote script execution via `curl | bash` The skill's installation instructions recommend executing a script directly from a remote GitHub URL using `bash -c "$(curl -sL ...)"`. This method is highly insecure as the script is not version-pinned and can be changed at any time by the repository owner or if the repository is compromised. This allows for arbitrary code execution on the user's system without prior review, posing a critical supply chain risk. Avoid `curl | bash` for installation. Users should be instructed to manually download, review, and then execute installation scripts. If direct download is necessary, the script should be pinned to a specific commit hash to ensure immutability, and users should be advised to verify the hash. Alternatively, provide installation via a trusted package manager. | LLM | SKILL.md:10 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/digitaladaption/cron-creator/SKILL.md:18 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/digitaladaption/cron-creator/SKILL.md:19 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/digitaladaption/cron-creator/SKILL.md:136 | |
| HIGH | Skill granted `tools.exec.host` with user input to command construction The skill's installation configures `Clawdbot tools.exec.host=gateway`, granting it the ability to execute `clawdbot` commands on the host system. The `SKILL.md` explicitly states that the `cron_creator.py` script "Parses time, frequency, channel, and message" from natural language and "Generates appropriate `clawdbot cron add` command". This combination means user-provided natural language input is used to construct shell commands that are then executed via `clawdbot`. Without proper sanitization and validation in `cron_creator.py`, this creates a high risk of command injection, allowing a malicious user to execute arbitrary commands on the host system by crafting specific natural language inputs. Implement strict input validation and sanitization within `scripts/cron_creator.py` to prevent malicious user input from being injected into the `clawdbot cron add` command. Ensure all user-controlled parts of the command are properly escaped or quoted. Consider using a safer API for cron job creation if `clawdbot` offers one that doesn't involve direct shell command construction from user input. | LLM | SKILL.md:75 |
Scan History
Embed Code
[](https://skillshield.io/report/b0890b3b139cdd89)
Powered by SkillShield