Trust Assessment
diy-pc-ingest received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 6 high, 1 medium, and 0 low severity. Key findings include Hidden network beacons / undisclosed telemetry, Suspicious import: urllib.request, Arbitrary file write via environment variable controlled path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/nextaltair/openclaw-skill-diy-pc-ingest/scripts/bootstrap_config.js:79 | |
| HIGH | Hidden network beacons / undisclosed telemetry DNS query with variable subdomain (DNS exfiltration) Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/nextaltair/openclaw-skill-diy-pc-ingest/scripts/notion_apply_records.js:73 | |
| HIGH | Arbitrary file write via environment variable controlled path The `notion_apply_records.js` script's `loadConfig` function checks for the `DIY_PC_INGEST_CONFIG` environment variable to determine the configuration file path. If this path does not exist, the `bootstrapConfig` function is called to create the configuration file at that path. An attacker who can control the `DIY_PC_INGEST_CONFIG` environment variable (e.g., via prompt injection into the host LLM that sets environment variables for skill execution) could specify an arbitrary file path. This would cause the skill to write its Notion configuration (including Notion database IDs) to an attacker-controlled location, leading to arbitrary file write and potential data exfiltration of Notion IDs. Validate the `DIY_PC_INGEST_CONFIG` path to ensure it is within an allowed directory (e.g., `~/.config/diy-pc-ingest/`) or restrict the environment variable to only accept a filename, not a full path, and always join it with a secure base directory. | LLM | scripts/notion_apply_records.js:67 | |
| HIGH | Arbitrary file read for API key via environment variable controlled path (JS) The `notion_apply_records.js` script's `notionApiKey` function attempts to load the Notion API key from a file specified by the `NOTION_API_KEY_FILE` environment variable. If an attacker can control this environment variable, they could specify an arbitrary file path (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`). The script would then attempt to read the contents of that file, potentially exfiltrating sensitive system files or other credentials if the skill's execution context has read permissions to those files. Remove support for `NOTION_API_KEY_FILE` environment variable. Rely solely on `NOTION_API_KEY` environment variable or inline configuration, which are less prone to path traversal attacks. If file-based loading is absolutely necessary, restrict the path to a fixed, non-user-controlled location or validate it rigorously. | LLM | scripts/notion_apply_records.js:88 | |
| HIGH | Arbitrary file read for API key via environment variable controlled path (Python) The `_deprecated/notion_apply_records.py` script's `notion_api_key` function attempts to load the Notion API key from a file specified by the `NOTION_API_KEY_FILE` environment variable. Similar to the JS script, an attacker controlling this environment variable could specify an arbitrary file path. The script would then attempt to read the contents of that file, potentially exfiltrating sensitive system files or other credentials if the skill's execution context has read permissions to those files. Remove support for `NOTION_API_KEY_FILE` environment variable. Rely solely on `NOTION_API_KEY` environment variable or inline configuration, which are less prone to path traversal attacks. If file-based loading is absolutely necessary, restrict the path to a fixed, non-user-controlled location or validate it rigorously. | LLM | scripts/_deprecated/notion_apply_records.py:90 | |
| HIGH | Arbitrary file read for configuration via environment variable controlled path (Python) The `_deprecated/notion_apply_records.py` script's `load_config` function checks for the `DIY_PC_INGEST_CONFIG` environment variable to determine the configuration file path. An attacker who can control this environment variable could specify an arbitrary file path. The script would then attempt to read the contents of that file and parse it as JSON. This could lead to exfiltration of sensitive information (e.g., Notion IDs) if the file contains credentials or other confidential data, or cause a denial of service if the file is not valid JSON. Validate the `DIY_PC_INGEST_CONFIG` path to ensure it is within an allowed directory (e.g., `~/.config/diy-pc-ingest/`) or restrict the environment variable to only accept a filename, not a full path, and always join it with a secure base directory. | LLM | scripts/_deprecated/notion_apply_records.py:60 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/nextaltair/openclaw-skill-diy-pc-ingest/scripts/_deprecated/notion_apply_records.py:26 |
Scan History
Embed Code
[](https://skillshield.io/report/380f5d0db73f52e2)
Powered by SkillShield