Trust Assessment
lofy received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential for Command Injection via CLI tools, Skill requires excessive and broad system/service permissions, High potential for sensitive data exfiltration due to broad data handling and communication channels.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential for Command Injection via CLI tools The skill explicitly mentions using external command-line interface (CLI) tools such as `gog` (for Google Workspace), `spogo` (for Spotify), `openclaw cron`, and `cron`. If the arguments passed to these CLI tools are constructed dynamically based on user input or other untrusted data without proper sanitization, an attacker could inject arbitrary shell commands. This could lead to unauthorized data access, system modification, or further compromise of the host system. Implement strict input validation and sanitization for all data used to construct CLI commands. Prefer using API wrappers or libraries over direct shell execution where possible. If shell execution is necessary, use parameterized commands or escape all dynamic input carefully. Ensure the agent's execution environment is sandboxed with minimal necessary permissions. | LLM | SKILL.md:93 | |
| HIGH | Skill requires excessive and broad system/service permissions The skill is designed as a 'complete life management system' and requires extensive access to highly sensitive personal data, external services (Google Workspace, Spotify, Home Assistant), and system functionalities (cron jobs, filesystem read/write, smart home control). This broad scope of access means that if the skill is compromised or misconfigured, it could lead to significant data exfiltration, unauthorized actions on integrated services, or control over physical devices. While the skill's purpose necessitates these permissions, the inherent risk is high if the underlying platform does not enforce strict least-privilege principles and robust sandboxing. Implement a robust permission model for the OpenClaw platform that enforces the principle of least privilege. Skills should only be granted the absolute minimum permissions required for their functionality. Utilize sandboxing, containerization, and fine-grained access controls for filesystem, network, and external API interactions. Regularly audit the permissions granted to skills and their actual usage. | LLM | SKILL.md:3 | |
| MEDIUM | High potential for sensitive data exfiltration due to broad data handling and communication channels The skill is designed to collect, store, and process a vast amount of highly sensitive personal information, including life goals, fitness data, career details, project statuses, smart home configurations, and daily personal logs. It also integrates with personal communication channels (Telegram, WhatsApp, Discord) and services like Gmail and Calendar. Despite explicit design principles like 'Respect privacy' and specific mitigations like 'MEMORY.md never loads in shared/group contexts (security)', the sheer volume and sensitivity of the data, combined with its intended transmission across various channels, creates a significant attack surface for accidental or malicious data exfiltration. A single misconfiguration or vulnerability could expose a user's entire personal life. Implement robust data loss prevention (DLP) mechanisms. Ensure all data storage is encrypted at rest and in transit. Strictly control which parts of the agent's memory and data stores are accessible to different tools or communication channels. Implement strict access controls and auditing for all sensitive data. Provide clear user controls for data sharing and retention. Regularly review and test for potential data leakage paths. | LLM | SKILL.md:33 |
Scan History
Embed Code
[](https://skillshield.io/report/a802bc583a2531ed)
Powered by SkillShield