Trust Assessment
Family Todo Manager received a trust score of 95/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential Path Traversal via process.cwd().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Potential Path Traversal via process.cwd() The skill constructs its data file path using `path.join(process.cwd(), 'memory/todo.json')`. If an attacker can control the current working directory (`process.cwd()`) from which the `todo.js` script is executed, they could potentially cause the skill to write the `todo.json` file to an arbitrary location on the filesystem (e.g., by setting `cwd` to `/tmp/../../../../etc`). This could lead to data corruption, denial of service, or unauthorized file creation in sensitive directories. While AI agent runtimes often control the working directory, this pattern introduces a dependency on that control. Use an absolute path for the data file that is not dependent on `process.cwd()`, or ensure that the execution environment strictly controls and sanitizes the working directory. For example, use `path.join(__dirname, 'memory/todo.json')` to anchor the file relative to the script's location, or use a dedicated, secure data directory provided by the agent runtime. | LLM | todo.js:18 |
Scan History
Embed Code
[](https://skillshield.io/report/beba7163f6703469)
Powered by SkillShield