Trust Assessment
fix-life-in-1-day received a trust score of 46/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, User input directly embedded in markdown output, enabling data exfiltration, Skill's working directory can be arbitrarily redirected by untrusted input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | User input directly embedded in markdown output, enabling data exfiltration The skill saves user responses directly into markdown files (`session-NN.md`) without sanitization. These files are later concatenated into `final-document.md` by `scripts/export.sh` and returned to the user. If a user provides malicious markdown (e.g., `)`), a markdown renderer could attempt to load an external resource, potentially exfiltrating local files or other sensitive information accessible to the skill's execution environment. Even simpler, `` could leak the IP address of the rendering environment. Sanitize all user-provided input (`$3`) before writing it to markdown files. This typically involves escaping or removing potentially malicious markdown constructs (e.g., `![]()`, `<script>`, `<iframe>`, `<img>` tags with external or `file://` sources). A common approach is to use a markdown sanitization library. | LLM | scripts/handler.sh:139 | |
| HIGH | Skill's working directory can be arbitrarily redirected by untrusted input The `handler.sh` script determines its `WORKSPACE` by iterating through all command-line arguments and checking if any argument is a directory or ends with `/clawd`. This means if untrusted user input (e.g., `USER_RESPONSE` in the `save` command) happens to be a valid directory path or ends with `/clawd`, the skill's entire data storage (`$DATA_DIR`) will be redirected to a user-controlled location. This allows an attacker to write skill data to arbitrary locations on the filesystem, potentially overwriting existing files, causing denial of service by filling up specific partitions, or exfiltrating data by writing to a publicly accessible directory. The `WORKSPACE` variable should be set explicitly by the trusted orchestrator and not be derivable from arbitrary command-line arguments, especially those that might contain untrusted user input. Ensure `WORKSPACE` is always a trusted, sandboxed path. | LLM | scripts/handler.sh:7 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/evgyur/fix-life-in-1-day/scripts/export.sh:6 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/evgyur/fix-life-in-1-day/scripts/handler.sh:8 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/evgyur/fix-life-in-1-day/scripts/init.sh:3 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/evgyur/fix-life-in-1-day/scripts/status.sh:3 |
Scan History
Embed Code
[](https://skillshield.io/report/28a03014653ac5e3)
Powered by SkillShield