Trust Assessment
sport-mode received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 1 medium, and 0 low severity. Key findings include: Sensitive environment variable access ($HOME); Shell Command Injection via '--every' parameter; LLM Prompt Injection via '--task' parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Shell Command Injection via '--every' parameter: The `INTERVAL` variable, which is user-controlled via the `--every` command-line argument, is passed unquoted to the `openclaw config set` command. This allows an attacker to inject arbitrary shell commands that will be executed by the script. For example, providing `--every "1m; rm -rf /"` would execute `rm -rf /` after the `openclaw config set` command, leading to potential system compromise or data loss. Quote the `$INTERVAL` variable when passing it to `openclaw config set` to prevent shell expansion. For example, `openclaw config set agents.defaults.heartbeat.every "${INTERVAL}"`. Additionally, implement strict input validation for the `--every` parameter to ensure it only contains expected time units (e.g., `^[0-9]+[smhd]$`) and does not contain special shell characters. | LLM | scripts/sport-mode.sh:37 |
| CRITICAL | LLM Prompt Injection via '--task' parameter: The `--task` argument, which is user-controlled, is directly inserted into `HEARTBEAT.md` without any sanitization or escaping. The `SKILL.md` explicitly states that `HEARTBEAT.md` is read by the agent as part of its context. If the agent is an LLM, this allows an attacker to inject arbitrary instructions, potentially overriding the LLM's system prompts, causing it to perform unintended actions, or exfiltrate sensitive information by manipulating its output. Implement strict sanitization or escaping of the `$TASK` variable before writing it to `HEARTBEAT.md`. If `HEARTBEAT.md` is intended for LLM consumption, consider using a structured format (e.g., JSON, YAML) and parsing it, rather than raw text, to clearly delineate instructions from data. Alternatively, restrict the content of `--task` to a predefined set of safe actions or use a templating system that prevents arbitrary instruction injection. | LLM | scripts/sport-mode.sh:43 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/l1vein/sport-mode/scripts/sport-mode.sh:6 |
Report: https://skillshield.io/report/759b397afd4b9aed
Powered by SkillShield