Trust Assessment
monkeytype-tracker received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Suspicious import: requests, Potential Command Injection via Cron Job Creation, Excessive Permissions: Cron Job Management.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Potential Command Injection via Cron Job Creation The skill instructs the host LLM to create cron jobs using user-provided input for the schedule (e.g., '{hour}'). If the LLM directly interpolates this user-controlled value into a shell command for cron without proper sanitization, a malicious user could provide input containing shell metacharacters (e.g., '0; rm -rf /') to execute arbitrary commands on the system. This is a severe command injection vulnerability. The host LLM must strictly sanitize and validate all user-provided input for cron job schedules and commands. Ensure that only valid time components (e.g., digits 0-23) are accepted for '{hour}' and that no shell metacharacters can be injected. Prefer using programmatic cron management libraries that handle escaping over direct shell command interpolation. | LLM | SKILL.md:109 | |
| HIGH | Excessive Permissions: Cron Job Management The skill requires the ability to create and manage cron jobs on the host system for its automated reporting feature. This grants the skill elevated system-level permissions to schedule tasks. While necessary for the intended functionality, this capability, especially when combined with potential command injection vulnerabilities, significantly increases the attack surface and the impact of a successful exploit, potentially leading to persistent arbitrary code execution. Implement strict sandboxing and least-privilege principles for any cron job creation or modification. Ensure that the cron job command itself is fixed and not user-modifiable. Regularly audit scheduled tasks for unauthorized entries. Consider if a less privileged or more isolated scheduling mechanism could fulfill the requirement. | LLM | SKILL.md:109 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/qrucio/monkeytype-tracker/scripts/monkeytype_stats.py:18 | |
| LOW | Credential Handling: API Key Storage on Disk The skill explicitly requests the user's Monkeytype ApeKey and instructs the LLM to store it in a local configuration file (`~/.openclaw/workspace/config/monkeytype.json`). While this is necessary for functionality and the skill recommends environment variables as a more secure alternative, storing API keys on disk always carries a residual risk if the file system is compromised or if file permissions are not adequately secured. Ensure the configuration file (`~/.openclaw/workspace/config/monkeytype.json`) has appropriate file permissions (e.g., readable only by the owner). Strongly encourage users to utilize environment variables for sensitive credentials. For highly sensitive keys, consider implementing encryption for the stored configuration file. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/2c2822a67aad0678)
Powered by SkillShield