Trust Assessment
daily-rhythm received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Shell script executes local Python scripts with hardcoded path, Hardcoded system path inserted into Python module search path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Hardcoded system path inserted into Python module search path: The `sync-google-tasks.py` script explicitly inserts a hardcoded system path (`/Users/tom/Library/Python/3.9/lib/python/site-packages`) at the beginning of `sys.path`. This forces Python to look for modules in this specific directory before others. If this directory is compromised or writable by an attacker, a malicious module with the same name as a legitimate dependency (e.g., `google.oauth2.credentials`) could be placed there and loaded by the script, leading to arbitrary code execution and potential credential harvesting or data exfiltration. This bypasses standard virtual environment isolation and package management best practices. Remediation: remove the hardcoded `sys.path.insert` and rely on standard Python package management (e.g., `pip install` into a virtual environment) to ensure dependencies are loaded correctly and securely. If specific paths are needed, ensure they are dynamically and securely determined, and that the directories are protected. | LLM | scripts/sync-google-tasks.py:8 |
| MEDIUM | Shell script executes local Python scripts with hardcoded path: The `morning-brief.sh` script directly executes other Python scripts (`sync-google-tasks.py`, `sync-stripe-arr.py`) using `python3` commands. This demonstrates the capability for shell execution. The script also uses a hardcoded `cd /Users/tom/.openclaw/workspace` command. If this specific directory or the `python3` executable itself were compromised, or if user input were ever incorporated into these commands without sanitization, it could lead to arbitrary command injection. While it currently executes trusted local scripts, this pattern is a potential vulnerability. Remediation: avoid hardcoding absolute paths like `/Users/tom/.openclaw/workspace`; use relative paths or dynamically determine the workspace root. Ensure all executed scripts are part of the trusted skill package and that no untrusted input can influence the commands or their arguments. Consider using Python's `subprocess` module with `shell=False` for more controlled execution. | LLM | scripts/morning-brief.sh:8 |