Trust Assessment
rememberall received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Command Injection via 'date -d' in parse-cron.sh, Command Injection via 'openclaw cron rm $ID', Unpinned Dependency in Skill Installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Command Injection via 'date -d' in parse-cron.sh | The `scripts/parse-cron.sh` script directly uses user-controlled input `$WHEN` within the `date -d "${WHEN} UTC"` command without proper sanitization. This allows an attacker to inject arbitrary shell commands by crafting a malicious `$WHEN` value (e.g., `$(rm -rf /)` or `'; evil_command;'`). This can lead to arbitrary code execution on the host system. | Sanitize the `$WHEN` variable rigorously before passing it to the `date -d` command. Consider using `printf %q` to properly quote the variable for shell execution, or use a more robust date parsing library that does not involve direct shell execution of user input. Ensure only expected date/time formats are accepted. | LLM | scripts/parse-cron.sh:18 |
| HIGH | Command Injection via 'openclaw cron rm $ID' | The skill allows users to delete reminders using `openclaw cron rm $ID`. If the `$ID` (or `name` if allowed) provided by the user is not strictly validated or escaped, an attacker could inject shell metacharacters (e.g., `$(command)`) into the `$ID` field, leading to arbitrary command execution when the `openclaw cron rm` command is executed. | Ensure that any user-provided `$ID` or `name` for deletion is strictly validated (e.g., against a UUID pattern or a whitelist of valid names) and properly escaped before being passed to the `openclaw cron rm` command. The `openclaw` tool itself should ideally sanitize its arguments. | LLM | SKILL.md:49 |
| HIGH | Unpinned Dependency in Skill Installation | The skill installs the `secure-sync` package using `clawhub install secure-sync` without specifying a version. This makes the skill vulnerable to supply chain attacks, where a malicious update to the `secure-sync` package (or a typosquatted package with a similar name) could be automatically installed, compromising the system. | Pin the dependency to a specific, known-good version (e.g., `clawhub install secure-sync@1.2.3`). Regularly audit and update dependencies. Verify the authenticity and reputation of all third-party packages. | LLM | SKILL.md:30 |
| MEDIUM | Excessive Permissions Combined with Command Injection Vulnerabilities | The skill operates with significant permissions, including the ability to install packages (`clawhub install`), modify file permissions (`chmod +x`), and schedule/remove system-level cron jobs (`openclaw cron add`, `openclaw cron rm`). While these permissions are necessary for the skill's intended functionality, their combination with identified command injection vulnerabilities (in `parse-cron.sh` and `openclaw cron rm`) elevates the risk significantly, allowing an attacker to leverage these permissions for broader system compromise. | Prioritize fixing the command injection vulnerabilities. Implement the principle of least privilege, ensuring the skill only has the minimum necessary permissions. Regularly review and audit the scope of permissions granted to skills. | LLM | SKILL.md:30 |