Trust Assessment
sec-filing-watcher received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 4 critical, 5 high, 1 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Persistence mechanism: macOS LaunchAgent, Hardcoded Webhook Token.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Persistence / self-modification instructions.** Crontab manipulation (list/remove/edit). Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/in-liberty420/sec-filing-watcher/SKILL.md:40 |
| CRITICAL | **Persistence / self-modification instructions.** macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/in-liberty420/sec-filing-watcher/SKILL.md:35 |
| CRITICAL | **Persistence / self-modification instructions.** macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/in-liberty420/sec-filing-watcher/SKILL.md:73 |
| CRITICAL | **Persistence / self-modification instructions.** macOS LaunchAgent/LaunchDaemon persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/in-liberty420/sec-filing-watcher/SKILL.md:78 |
| HIGH | **Persistence mechanism: macOS LaunchAgent.** Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/in-liberty420/sec-filing-watcher/SKILL.md:35 |
| HIGH | **Persistence mechanism: macOS LaunchAgent.** Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/in-liberty420/sec-filing-watcher/SKILL.md:73 |
| HIGH | **Persistence mechanism: macOS LaunchAgent.** Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/in-liberty420/sec-filing-watcher/SKILL.md:78 |
| HIGH | **Hardcoded Webhook Token.** The `webhookToken` is hardcoded directly in `scripts/watcher.js`. While the `SKILL.md` instructs users to configure this value, providing a default hardcoded secret is a significant security risk. If this skill were deployed with the default token, it could lead to unauthorized access or compromise of the webhook endpoint. Remove the hardcoded default token. Require the user to explicitly set this value in an environment variable or a secure configuration file (e.g., `.env` or a dedicated config file that is not committed to version control). Provide a placeholder or an error if the token is not set. | LLM | scripts/watcher.js:29 |
| HIGH | **Untrusted Data Sent to LLM Webhook.** The `sendNotification` function (called on line 70, though its body is truncated) is designed to send `filing` data (including `title`, `summary`, `url`) to a webhook, which is likely consumed by an LLM (Clawdbot). These `filing` details are extracted from external SEC EDGAR XML, making them untrusted inputs. If these fields are directly embedded into a prompt for the receiving LLM without proper sanitization or instruction framing, a malicious or malformed SEC filing could potentially inject instructions into the Clawdbot LLM, leading to unintended actions or data exfiltration from the LLM's context. Implement robust sanitization and explicit instruction framing for all untrusted data (`filing.title`, `filing.summary`, `filing.url`, etc.) before sending it to the LLM webhook. Ensure that the LLM's prompt template clearly distinguishes between user-provided data and system instructions, and that data is always treated as content, not commands. | LLM | scripts/watcher.js:70 |
| MEDIUM | **Unsanitized Ticker in URL Construction.** The `fetchFilings` function constructs a URL using the `ticker` variable directly without URL encoding. While `formType` is encoded with `encodeURIComponent`, a malicious `ticker` value (if the `watchlist.json` is compromised or manipulated) could potentially inject additional URL parameters into the SEC EDGAR request. This could lead to unexpected behavior, or in a broader context, could be a vector for Server-Side Request Forgery (SSRF) if the base URL were also controllable. Apply `encodeURIComponent()` to the `ticker` variable before interpolating it into the URL string to prevent URL injection vulnerabilities. For example: `CIK=${encodeURIComponent(ticker)}`. | LLM | scripts/watcher.js:110 |
| INFO | **Missing package.json for Dependency Management.** The skill uses Node.js and relies on modules (e.g., `fs`, `path`, and implicitly `fetch`). However, no `package.json` file is provided in the context. This makes it impossible to verify pinned dependencies, check for known vulnerabilities in packages, or detect typosquatting. Without a `package.json`, dependency management best practices cannot be assessed, increasing supply chain risk. Include a `package.json` file that explicitly lists and pins all direct and transitive dependencies used by the skill. Regularly audit dependencies for known vulnerabilities using tools like `npm audit`. | LLM | N/A |