Trust Assessment
flomo-via-app received a trust score of 10/100, placing it in the Untrusted category. The skill has significant security findings that need to be addressed before it is used in production.
SkillShield's automated analysis identified 14 findings: 6 critical, 1 high, 7 medium and 0 low severity. The key findings are persistence / self-modification instructions (writes to shell RC files), a command-injection path through the unescaped webhook token that `configure.sh` writes into shell configuration and `.env` files that are later sourced, and access to the sensitive environment variable `$HOME`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100: all six critical findings come from it, and they point at the same feature the HIGH finding covers, namely the installer writing the token into the user's shell startup files.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL (6 findings, one per location) | Persistence / self-modification instructions: shell RC file modification for persistence. Remove any persistence mechanisms; skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/qiantao1001/flomo-via-app/SKILL.md:192; skills/qiantao1001/flomo-via-app/scripts/configure.sh:57, :58, :60, :61, :63 |
| HIGH | Unsanitized user input written to configuration files, leading to command injection. `configure.sh` prompts the user for a `WEBHOOK_TOKEN`. If the user chooses to save it to their shell configuration file (e.g. `~/.bashrc`, `~/.zshrc`) or to the local `.env` file, the script writes `export FLOMO_WEBHOOK_TOKEN=$WEBHOOK_TOKEN` or `FLOMO_WEBHOOK_TOKEN=$WEBHOOK_TOKEN` respectively, with no escaping of `$WEBHOOK_TOKEN`. An input such as `mytoken; evil_command` or `mytoken=$(evil_command)` is then executed in the user's shell context whenever the configuration file is sourced (e.g. on opening a new terminal) or when `flomo_send.sh` sources the `.env` file. Any value written into a file that a shell will later `source` must first be turned into a shell literal. Wrapping the value in double quotes (`export FLOMO_WEBHOOK_TOKEN="$WEBHOOK_TOKEN"`) is not sufficient: `$(...)`, backticks and `$VAR` still expand inside double quotes, and an embedded `"` closes them. Use `printf '%q'` in bash, or single quotes with every `'` in the value replaced by `'\''`, e.g. `printf 'export FLOMO_WEBHOOK_TOKEN=%q\n' "$WEBHOOK_TOKEN" >> "$SHELL_CONFIG"`. Alternatively, do not `source` the `.env` file at all: read it line by line and take the text after `=` as a literal value. | LLM | scripts/configure.sh:81 |
| MEDIUM (5 findings, one per location) | Persistence mechanism: shell RC file modification pattern detected. Persistence mechanisms allow malware to survive system restarts. Review this pattern; skills should not modify system startup configuration. | Static | skills/qiantao1001/flomo-via-app/SKILL.md:192; skills/qiantao1001/flomo-via-app/scripts/configure.sh:57, :58, :60, :61, :63 |
| MEDIUM | Sensitive environment variable access: `$HOME` is referenced in shell context. Verify this access is necessary and the value is not exfiltrated. | Static | skills/qiantao1001/flomo-via-app/scripts/configure.sh:57 |
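The HIGH finding above turns on one fact about `source`: whatever is in the file is parsed as shell code, so escaping, not quoting, decides whether the token is data or a command. The script below is an added example written for this report, not the skill's own `configure.sh` or `flomo_send.sh`; the payload, the function names and the temporary `.env` path are constructed for the demonstration. It writes the same attacker-supplied token three ways, sources each result in a throwaway bash, and reports whether the payload ran; it also shows the non-sourcing reader mentioned in the finding.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code: a token written unescaped into a
# file that is later sourced is a command-injection sink, double quotes do not
# close it, printf %q or a non-sourcing reader do. Names and paths are
# constructed for this demo.
set -eu

# Constructed attacker-controlled "token": sources as a command substitution.
PAYLOAD_TOKEN='mytoken$(touch "$MARKER")'

# 1. The flagged pattern: the value lands in the file verbatim.
write_raw() {  # $1 = file, $2 = token
  printf 'FLOMO_WEBHOOK_TOKEN=%s\n' "$2" > "$1"
}

# 2. Double quotes: still unsafe, $(...) and backticks expand inside "...".
write_dquoted() {
  printf 'FLOMO_WEBHOOK_TOKEN="%s"\n' "$2" > "$1"
}

# 3. printf %q emits a shell-escaped literal that sources back to the exact
#    input bytes (equivalent to single quotes with ' replaced by '\'').
write_escaped() {
  printf 'FLOMO_WEBHOOK_TOKEN=%q\n' "$2" > "$1"
}

# Write with the given writer, source the result in a throwaway bash whose
# environment carries MARKER, and report "<injected>:<token the shell saw>".
source_and_observe() {  # $1 = writer function, $2 = token
  local dir marker token injected
  dir=$(mktemp -d)
  marker="$dir/pwned"
  "$1" "$dir/.env" "$2"
  token=$(MARKER="$marker" bash -c '. "$1"; printf "%s" "$FLOMO_WEBHOOK_TOKEN"' _ "$dir/.env" 2>/dev/null || true)
  if [ -e "$marker" ]; then injected=yes; else injected=no; fi
  rm -rf "$dir"
  printf '%s:%s\n' "$injected" "$token"
}

# 4. The alternative: never source the file. Read KEY=VALUE lines and take the
#    value as literal bytes. Pairs with write_raw; a newline in the value is
#    the one thing this line format cannot carry.
read_token_without_source() {  # $1 = env file; prints the token or fails
  local line
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      FLOMO_WEBHOOK_TOKEN=*) printf '%s\n' "${line#FLOMO_WEBHOOK_TOKEN=}"; return 0 ;;
    esac
  done < "$1"
  return 1
}

parse_roundtrip() {  # $1 = token; raw write, then parse without sourcing
  local dir out
  dir=$(mktemp -d)
  write_raw "$dir/.env" "$1"
  out=$(read_token_without_source "$dir/.env")
  rm -rf "$dir"
  printf '%s\n' "$out"
}

for writer in write_raw write_dquoted write_escaped; do
  printf '%-14s %s\n' "$writer" "$(source_and_observe "$writer" "$PAYLOAD_TOKEN")"
done
printf '%-14s %s\n' parse "$(parse_roundtrip "$PAYLOAD_TOKEN")"
```

Running it shows `write_raw` and `write_dquoted` both creating the marker file (the payload executed and the shell saw only `mytoken`), while `write_escaped` leaves the marker absent and hands back the payload bytes unchanged. The parsing reader returns the same bytes from the raw file without ever evaluating them, which is why the finding's last suggestion is the one that removes the sink rather than escaping around it; note that `%q` is a bash extension, so the single-quote escaping is the portable choice if the file may be read by `sh`.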
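The MEDIUM "shell RC file modification pattern" findings are the output of a static matcher, and the locations they cite (`SHELL_CONFIG` set on one line, the write on another) show why a one-line grep for `>> ~/.bashrc` is not enough. The following is an added example of such a check, written for this report and not SkillShield's own detector; the list of rc file names, the sample installer it scans and the function names are all constructed here. It does a first pass to learn which variables hold an rc-file path and a second pass to flag redirections or `tee` into either a literal rc path or one of those variables.

```bash
#!/usr/bin/env bash
# Added example, not SkillShield's detector: a two-pass static check for the
# "shell RC file modification" pattern, run over a constructed installer
# script. The rc-file list, sample script and function names are hypothetical.
set -eu

# Shell startup files an installer has no business writing to.
RC_NAMES='[.](bashrc|bash_profile|bash_login|profile|zshrc|zprofile|zshenv|zlogin)'

# Print "lineno:line" for every line of $1 that appends, truncates or tees
# into such a file, whether the path is literal or held in a variable.
find_rc_modifications() {
  local line vars='' assign target redir n=0
  # Pass 1: variables assigned a path ending in an rc file name
  # (e.g. SHELL_CONFIG="$HOME/.zshrc"), so indirect writes are caught too.
  assign='^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=[^=]*'"$RC_NAMES"
  while IFS= read -r line || [ -n "$line" ]; do
    if [[ $line =~ $assign ]]; then
      vars="$vars|${BASH_REMATCH[2]}"
    fi
  done < "$1"
  vars=${vars#|}
  # Pass 2: a redirection or tee whose target is ~/<rc>, $HOME/<rc>, or $VAR
  # for a variable found in pass 1.
  target='(~|[$]HOME|[$][{]HOME[}])/'"$RC_NAMES"
  if [ -n "$vars" ]; then
    target="$target"'|[$]('"$vars"')([^A-Za-z0-9_]|$)|[$][{]('"$vars"')[}]'
  fi
  redir='(>>?|tee[[:space:]]+(-a[[:space:]]+)?)[[:space:]]*"?('"$target"')'
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    if [[ $line =~ $redir ]]; then
      printf '%s:%s\n' "$n" "$line"
    fi
  done < "$1"
}

# Constructed sample installer: line 4 sets the rc path, line 5 writes through
# it, line 6 writes to a literal path, line 7 tees; lines 8 and 9 are benign.
SAMPLE_SCRIPT=$(cat <<'EOF'
#!/bin/bash
# constructed sample mimicking an installer; line numbers are the test oracle
read -r -p "Token: " WEBHOOK_TOKEN
SHELL_CONFIG="$HOME/.zshrc"
echo "export FLOMO_WEBHOOK_TOKEN=$WEBHOOK_TOKEN" >> "$SHELL_CONFIG"
echo 'alias fl=flomo' >> ~/.bashrc
printf 'export PATH=%s:$PATH\n' "$PWD" | tee -a "$HOME/.profile" >/dev/null
echo "FLOMO_WEBHOOK_TOKEN=$WEBHOOK_TOKEN" > "$PWD/.env"
grep -q flomo "$HOME/.zshrc" && echo already configured
EOF
)

# Scan the sample and print the flagged line numbers, space separated.
scan_sample() {
  local dir out
  dir=$(mktemp -d)
  printf '%s\n' "$SAMPLE_SCRIPT" > "$dir/configure.sh"
  out=$(find_rc_modifications "$dir/configure.sh" | cut -d: -f1 | tr '\n' ' ')
  rm -rf "$dir"
  printf '%s\n' "${out% }"
}

dir=$(mktemp -d); printf '%s\n' "$SAMPLE_SCRIPT" > "$dir/configure.sh"
find_rc_modifications "$dir/configure.sh"; rm -rf "$dir"
```

On the constructed sample the check reports lines 5, 6 and 7 and stays quiet on the `.env` write and the read-only `grep`; without the first pass, line 5 (the write through `$SHELL_CONFIG`, the shape the report cites) would be missed. A pattern matcher of this kind still cannot see paths built by `eval`, read from another file, or assembled across lines, so treat a clean result as "nothing obvious" rather than as clearance, which is also how the MEDIUM findings above should be read: they locate the pattern, and a human reviews it.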
Full report: https://skillshield.io/report/bcca4f28256846ea