Trust Assessment
project-manager received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Direct filesystem access via hardcoded absolute path, Capability to execute other skills.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Direct filesystem access via hardcoded absolute path The skill explicitly states it will read and write to a hardcoded absolute path `/Users/fz1/clawd/data/pm/projects.json`. This grants the skill direct read/write access to a specific file on the local filesystem, which is an excessive permission. A compromised skill or malicious prompt could exploit this to exfiltrate data from `projects.json` or inject malicious content into it. This path is also non-portable and assumes a specific user's directory structure. Avoid hardcoding absolute filesystem paths. Use relative paths, environment variables, or a secure configuration mechanism to define data storage locations. Implement strict sandboxing and access controls to limit the skill's filesystem interactions to only necessary, designated directories. Ensure data read/written is validated. | LLM | SKILL.md:7 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/fr0ziii/project-manager/SKILL.md:1 | |
| MEDIUM | Capability to execute other skills The skill description mentions "ejecutar skill `apple-reminders` para crear recordatorio". This indicates the ability to invoke and execute other skills. While this is a common pattern for modularity, it introduces a potential privilege escalation or command injection vector if the invoked `apple-reminders` skill has broader permissions or is vulnerable to injection through its parameters. The security of this skill is dependent on the security of `apple-reminders` and the sanitization of inputs passed to it. Implement strict input validation and sanitization for all parameters passed to other skills. Ensure that the `apple-reminders` skill itself follows security best practices and operates with the principle of least privilege. Consider explicit whitelisting of callable skills and their allowed parameters. | LLM | SKILL.md:18 |
Scan History
Embed Code
[](https://skillshield.io/report/3e72cfba0f5be8cc)
Powered by SkillShield