Trust Assessment
goal-tracker received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Overly broad file access granted to skill directory, Potential command injection through unsanitized user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential command injection through unsanitized user input The skill's documentation (`SKILL.md`) describes commands (`tracker log`, `tracker milestone`) that accept user-provided string arguments (e.g., "Description", "5km run"). If the LLM agent constructs these shell commands by directly embedding unsanitized user input, a malicious user could inject arbitrary shell commands (e.g., `"; rm -rf /"`), leading to command execution on the host system. This is a common vulnerability when LLM agents interact with shell commands based on user input. The LLM agent must rigorously sanitize and escape all user-provided input before passing it as arguments to shell commands. Additionally, the `tracker` executable itself should be designed to treat all command-line arguments as data, not code, to prevent injection even if the agent fails to sanitize. | LLM | SKILL.md:15 | |
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/alti-systems/goal-tracker/SKILL.md:1 | |
| MEDIUM | Overly broad file access granted to skill directory The skill's manifest (`skill.json`) grants read/write access to the entire `/root/clawd/goal-tracker/` directory. This is excessive if the skill only requires access to specific data files (e.g., `data/goals.json`, `data/daily-log.json`, `index.html`). Granting access to the entire directory could allow the skill to read or modify its own executable code or other potentially sensitive files within its directory, which might not be necessary for its intended function. Restrict the `files` array in `skill.json` to only the specific data files or subdirectories that the skill genuinely needs to access, e.g., `["/root/clawd/goal-tracker/data/goals.json", "/root/clawd/goal-tracker/data/daily-log.json", "/root/clawd/goal-tracker/index.html"]` or `["/root/clawd/goal-tracker/data/", "/root/clawd/goal-tracker/index.html"]`. | LLM | skill.json:10 |
Scan History
Embed Code
[](https://skillshield.io/report/75d97b8916477365)
Powered by SkillShield