Trust Assessment
pomodoro-bot received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Sensitive environment variable access: $USER" and "Command Injection via unsanitized user inputs to `openclaw cron add`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via unsanitized user inputs to `openclaw cron add` | LLM | scripts/start_pomodoro.sh:40 |
| MEDIUM | Sensitive environment variable access: $USER | Static | skills/nouop/pomodoro-bot/scripts/start_pomodoro.sh:30 |

Command Injection via unsanitized user inputs to `openclaw cron add` (HIGH)

The `scripts/start_pomodoro.sh` script constructs `openclaw cron add` commands using several user-controlled inputs: `WORK_MINS`, `REST_MINS`, and `USER_ID`. These values are taken directly from command-line arguments without strict validation or sanitization. Specifically:

1. `USER_ID` is used to form cron job names (`pomodoro-work-${USER_ID}`) and as the `--to` recipient. If `openclaw cron add` or the underlying cron system uses these names/targets in a shell-evaluated context without proper escaping, a malicious `USER_ID` (e.g., `malicious_user; rm -rf /`) could lead to arbitrary command execution.
2. `WORK_MINS` and `REST_MINS` are used in the `--at` argument (e.g., `--at '${WORK_MINS}m'`). If `openclaw cron add` interprets this argument in a way that allows shell metacharacters to be executed (e.g., `1; evil_command; #m`), it could also lead to command injection. While the arithmetic expansion `$(())` for `WORK_MINS + REST_MINS` is safe, the resulting string passed to `--at` is still vulnerable if not properly handled by `openclaw cron add`.

Implement strict input validation for `WORK_MINS`, `REST_MINS`, and `USER_ID` to ensure they conform to expected formats (e.g., positive integers for minutes, alphanumeric for user IDs) and do not contain shell metacharacters. The `openclaw cron add` command (and its underlying implementation) must ensure that all user-provided arguments are treated as literal strings and are properly escaped or sanitized before being used in any shell-evaluated context (e.g., when constructing cron job commands or system calls). Prefer using APIs that pass arguments as distinct elements rather than concatenating them into a single shell string.

Sensitive environment variable access: $USER (MEDIUM)

Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.