Trust Assessment
The remind-me skill received a trust score of 65/100, placing it in the Caution category: it has security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings (1 critical, 1 high, 1 medium, 0 low severity):
- Unsanitized user input in `date -d` leads to command injection
- Command injection via unsanitized data from reminder log
- User message content sent to hardcoded external chat ID
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized user input in `date -d` leads to command injection**<br>The `parse_time` function in `create-reminder.sh` directly uses user-controlled input (`$WHEN`) in a `date -d "$input"` command. This allows an attacker to inject arbitrary shell commands by providing a specially crafted `WHEN` string (e.g., `"; rm -rf /"`), leading to arbitrary code execution on the host system.<br>*Remediation:* Implement robust input validation and sanitization for `$WHEN` before passing it to `date -d`. Alternatively, use a safer method for date parsing that does not involve direct shell execution of user input, or escape all shell metacharacters in `$input` before passing it to `date -d`. | LLM | create-reminder.sh:33 |
| HIGH | **Command injection via unsanitized data from reminder log**<br>The `check-reminders.sh` script reads `datetime` values from `reminders.md` and uses them in `date -d "$datetime"`. If a malicious `datetime` string was previously injected into `reminders.md` (e.g., via the `create-reminder.sh` vulnerability), this script would then execute arbitrary commands when processing the log file.<br>*Remediation:* Ensure that all data written to `reminders.md` is properly sanitized and validated to prevent shell metacharacters. Additionally, sanitize `$datetime` before using it in `date -d` within `check-reminders.sh` as a defense-in-depth measure. | LLM | check-reminders.sh:27 |
| MEDIUM | **User message content sent to hardcoded external chat ID**<br>The `create-recurring.sh` and `create-reminder.sh` scripts send user-provided message content (`$MESSAGE`) to a hardcoded Telegram chat ID (`--to 6636746252`). This poses a data exfiltration risk if the hardcoded chat ID does not belong to the intended user, or if the skill is used in a multi-user environment where messages could be inadvertently sent to the wrong recipient.<br>*Remediation:* Dynamically retrieve the user's chat ID from the environment or agent context instead of hardcoding it. Ensure that messages are only sent to the requesting user or a clearly designated and user-controlled recipient. | LLM | create-recurring.sh, create-reminder.sh:100 |
Full report: https://skillshield.io/report/b580f5c4e7a5a2b7
Powered by SkillShield