Trust Assessment
strava-cycling-coach received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 2 critical, 3 high, 11 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Unsafe deserialization / dynamic eval, Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Static Code Analysis layer scored lowest, at 0/100; it accounts for 11 of the 16 findings (the three file-read-plus-network-send findings, the five `requests` imports, the shell RC persistence pattern, and the two `$HOME` accesses), the Manifest layer for 4, the LLM layer for 1, and the Dependency Graph layer for none. Several of the Static findings are pattern matches that also describe a legitimate Strava OAuth client (a `requests` import, a `refresh_token_if_needed` function that reads a token file and posts to the token endpoint), so they need manual confirmation of the destination host rather than removal; the two CRITICAL persistence findings in SKILL.md (lines 45 and 48) and the argument-injection finding in `analyze_and_notify.py` are the ones to resolve first.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (16)
| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/ericrosenberg/strava-cycling-coach/SKILL.md:48 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/ericrosenberg/strava-cycling-coach/SKILL.md:45 |
| HIGH | Potential data exfiltration: file read + network send | Function `refresh_token_if_needed` reads files and sends data over the network. This may indicate data exfiltration. | Review this function to ensure file contents are not being sent to external servers. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/analyze_rides.py:43 |
| HIGH | Potential data exfiltration: file read + network send | Function `refresh_token_if_needed` reads files and sends data over the network. This may indicate data exfiltration. | Review this function to ensure file contents are not being sent to external servers. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/get_latest_ride.py:40 |
| HIGH | Potential data exfiltration: file read + network send | Function `refresh_token_if_needed` reads files and sends data over the network. This may indicate data exfiltration. | Review this function to ensure file contents are not being sent to external servers. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/monitor_new_rides.py:41 |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ericrosenberg/strava-cycling-coach/scripts/analyze_rides.py:3 |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/ericrosenberg/strava-cycling-coach/scripts/monitor_new_rides.py:3 |
| MEDIUM | Suspicious import: requests | Import of `requests` detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/analyze_and_notify.py:10 |
| MEDIUM | Suspicious import: requests | Import of `requests` detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/analyze_rides.py:9 |
| MEDIUM | Suspicious import: requests | Import of `requests` detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/complete_auth.py:8 |
| MEDIUM | Suspicious import: requests | Import of `requests` detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/get_latest_ride.py:8 |
| MEDIUM | Suspicious import: requests | Import of `requests` detected. This module provides network or low-level system access. | Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/monitor_new_rides.py:8 |
| MEDIUM | Persistence mechanism: Shell RC file modification | Detected shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. | Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/ericrosenberg/strava-cycling-coach/SKILL.md:45 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable `$HOME` detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/auto_analyze_new_rides.sh:5 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable `$HOME` detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/ericrosenberg/strava-cycling-coach/scripts/setup.sh:4 |
| MEDIUM | Potential argument injection in external command call | The script `analyze_and_notify.py` constructs a message from Strava activity data, including the activity name, and passes that message as an argument to the external command `clawdbot`. If an activity name contains shell metacharacters or option-like text (e.g., `--delete-all`) and `clawdbot` is not robust against argument injection, this could lead to unintended actions. `subprocess.run` with a list of arguments prevents shell injection, but it does not prevent argument injection if the external command interprets options within the message string. | Ensure that `clawdbot` treats the message argument as literal text and does not parse it for additional flags. If `clawdbot` is under your control and supports it, add a `--` separator before the message (e.g., `subprocess.run(["clawdbot", "message", "--chat-id", chat_id, "--", message])`) to explicitly mark the end of options. Otherwise, sanitize or escape potentially problematic characters in `message` before passing it to the external command. | LLM | scripts/analyze_and_notify.py:204 |
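The three HIGH findings above flag `refresh_token_if_needed` because it both reads a file and sends over the network, which is exactly what an OAuth refresh does (read a stored refresh token, POST it to the provider's token endpoint) and also exactly what exfiltration does. What separates the two is the destination, which the finding text does not resolve. The following is an added triage helper, not SkillShield's checker and not the skill's own code: it walks a Python source with `ast`, finds functions that combine a file read with a known network call, and classifies each send by whether its URL is a string literal on an allowed host. The sample source it scans is constructed for the example; `www.strava.com` is the host of Strava's OAuth token endpoint (`https://www.strava.com/oauth/token`).

```python
import ast
from urllib.parse import urlparse

# Plain file-read calls; Path(...).read_text()/read_bytes() are matched by attribute below.
FILE_READ_CALLS = {"open", "io.open"}
# Outbound-network calls this checker recognises. Instance-method calls such as
# session.post(...) would need name resolution and are deliberately not covered.
NETWORK_CALLS = {
    "requests.get", "requests.post", "requests.put", "requests.patch", "requests.request",
    "urllib.request.urlopen", "httpx.get", "httpx.post",
}


def _dotted_name(func):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else (e.g. a call result)."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def _is_file_read(call):
    name = _dotted_name(call.func)
    if name in FILE_READ_CALLS:
        return True
    return isinstance(call.func, ast.Attribute) and call.func.attr in {"read_text", "read_bytes"}


def _literal_url(call):
    """Destination URL if it is a string constant (first positional or url=), else None."""
    candidates = list(call.args[:1]) + [kw.value for kw in call.keywords if kw.arg == "url"]
    for node in candidates:
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            return node.value
    return None


def find_read_then_send(source):
    """Functions that both read a file and make a network call, with each send's literal URL."""
    hits = []
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        reads, sends = [], []
        for node in ast.walk(fn):
            if not isinstance(node, ast.Call):
                continue
            if _is_file_read(node):
                reads.append(node.lineno)
            elif _dotted_name(node.func) in NETWORK_CALLS:
                sends.append((node.lineno, _literal_url(node)))
        if reads and sends:
            hits.append({"function": fn.name, "line": fn.lineno, "reads": reads, "sends": sends})
    return hits


def triage(hits, allowed_hosts):
    """'expected' for a literal URL on an allowed host; otherwise a note saying why it needs review."""
    verdicts = []
    for hit in hits:
        for lineno, url in hit["sends"]:
            if url is None:
                verdict = "review: destination is not a string literal"
            else:
                host = urlparse(url).hostname
                verdict = "expected" if host in allowed_hosts else f"review: unexpected host {host}"
            verdicts.append((hit["function"], lineno, verdict))
    return verdicts


# Constructed sample: a benign token refresh next to a function with the same shape that
# reads a private key and posts it to a caller-supplied URL.
SAMPLE_SOURCE = '''
import json, os, requests

def refresh_token_if_needed(path):
    with open(path) as f:
        tokens = json.load(f)
    r = requests.post("https://www.strava.com/oauth/token",
                      data={"grant_type": "refresh_token",
                            "refresh_token": tokens["refresh_token"]})
    return r.json()

def sync_keys(url):
    key = open(os.path.expanduser("~/.ssh/id_ed25519")).read()
    requests.post(url, data={"k": key})
'''

if __name__ == "__main__":
    for function, lineno, verdict in triage(find_read_then_send(SAMPLE_SOURCE), {"www.strava.com"}):
        print(f"{function} (send at line {lineno}): {verdict}")
```

Run it against the three flagged scripts by reading each file into `find_read_then_send`; a refresh function whose only send is a literal `https://www.strava.com/oauth/token` is the expected pattern, while a non-literal destination or a host outside Strava's is what would turn the HIGH finding into a real exfiltration problem.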
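The LLM-layer finding on `analyze_and_notify.py` distinguishes shell injection (prevented by passing a list to `subprocess.run`) from argument injection (not prevented, because an element that begins with `-` is still an option as far as the child's parser is concerned). The following added example, which is neither the skill's code nor the real `clawdbot` tool, shows the difference with a constructed argparse stand-in for `clawdbot message`: the stand-in's option set (`--chat-id`, `--delete-all`, a positional message) is an assumption made for the demonstration, and the activity record is constructed. It also shows the `--` separator fix from the recommendation and a fallback for tools that do not honour `--`.

```python
import argparse
import subprocess


def mock_clawdbot_parse(argv):
    """Constructed stand-in for `clawdbot message` (assumed option set, not the real tool)."""
    parser = argparse.ArgumentParser(prog="clawdbot message", add_help=False)
    parser.add_argument("--chat-id", required=True)
    parser.add_argument("--delete-all", action="store_true")
    parser.add_argument("text", nargs="?", default=None)
    # argv[0:2] are the program name and the "message" subcommand
    return parser.parse_args(argv[2:])


def build_message(activity):
    # Same shape as the finding: an untrusted Strava field (the activity name) starts the message.
    return f"{activity['name']}: {activity['distance_km']:.1f} km in {activity['moving_time_min']} min"


def vulnerable_argv(chat_id, message):
    # No shell is involved, so `;` or `$(...)` in the name are inert here, but a message
    # that begins with '-' is handed to the child as one argv element that looks like an option.
    return ["clawdbot", "message", "--chat-id", chat_id, message]


def hardened_argv(chat_id, message):
    # '--' ends option parsing for getopt/argparse-style tools, so the message is always positional.
    return ["clawdbot", "message", "--chat-id", chat_id, "--", message]


def neutralize_message(message):
    """Fallback for tools that do not honour '--': ensure the argument never starts with '-'."""
    stripped = message.lstrip()
    if stripped.startswith("-"):
        return "Ride: " + stripped
    return message


def send(argv, runner=subprocess.run):
    # The actual call; shell=False is the default and is what keeps this list form
    # free of shell injection. Not invoked in the demonstration below.
    return runner(argv, check=True)


if __name__ == "__main__":
    hostile = {"name": "--delete-all", "distance_km": 42.195, "moving_time_min": 95}
    # Worst case: the activity name is the entire message (e.g. a notification of the name only).
    ns = mock_clawdbot_parse(vulnerable_argv("42", hostile["name"]))
    print("vulnerable:", ns)   # delete_all=True, text=None
    ns = mock_clawdbot_parse(hardened_argv("42", hostile["name"]))
    print("hardened:  ", ns)   # delete_all=False, text='--delete-all'
    ns = mock_clawdbot_parse(vulnerable_argv("42", neutralize_message(hostile["name"])))
    print("neutralized:", ns)  # delete_all=False, text='Ride: --delete-all'
    print("message:", build_message(hostile))
```

Whether a multi-word message such as `--delete-all: 42.2 km in 95 min` is read as an option is parser-specific (argparse happens to treat a dash-prefixed string containing a space as positional; a getopt-style C tool or one that re-tokenizes the string may not), so the caller should not rely on the message body to disarm a hostile first token. The `--` separator settles it for tools that honour it; for tools that re-split the message string, nothing in the caller fully fixes it and the recommendation to make `clawdbot` treat the argument as literal text stands.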
Powered by SkillShield