Trust Assessment
task-monitor received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 4 critical, 1 high, 3 medium, and 1 low severity. Key findings include Arbitrary command execution, Sensitive environment variable access: $HOME, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jorgermp/task-monitor/scripts/generate-dashboard.js:3 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jorgermp/task-monitor/server.js:4 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jorgermp/task-monitor/scripts/generate-dashboard.js:9 | |
| CRITICAL | Web Server Exposes Sensitive User Prompts on Network The `server.js` script starts a web server listening on `0.0.0.0:3030`, making it accessible from any network interface. This server exposes an API endpoint (`/api/status`) and a web dashboard that include "task descriptions" derived from user prompts found in agent session files (`~/.openclaw/agents/main/sessions/*.jsonl`). The `getTaskDescription` function (assumed to be present and similar to `generate-dashboard.js`) reads these files and extracts truncated user messages. This directly exfiltrates potentially sensitive user input over the network, making it accessible to anyone on the local network, or potentially the internet if port forwarding is configured. 1. **Immediate Action**: Change `HOST` from `0.0.0.0` to `127.0.0.1` (localhost) to restrict network access. 2. Re-evaluate the necessity of including user prompt content in the web dashboard and API. 3. Implement robust sanitization, redaction, or removal of sensitive information from `getTaskDescription`'s output before it is exposed via the web interface. 4. Consider if the skill truly needs read access to raw session transcripts for a monitoring dashboard. 5. Implement authentication/authorization for the web dashboard and API if sensitive data must be exposed. | LLM | server.js:16 | |
| HIGH | Exposure of User Prompts in Local Markdown Dashboard The `scripts/generate-dashboard.js` script reads potentially sensitive user prompts from agent session files (`~/.openclaw/agents/main/sessions/*.jsonl`) via the `getTaskDescription` function. It then writes these truncated prompts into `~/clawd/DASHBOARD.md`. If this markdown file is subsequently accessed by other processes, committed to a public repository, or otherwise exposed, it could lead to the exfiltration of sensitive user data. The skill has broad filesystem access to read these session files. 1. Re-evaluate the necessity of including user prompt content in the dashboard. 2. If necessary, implement stricter sanitization or redaction of sensitive information. 3. Ensure the `DASHBOARD.md` file is stored in a secure location and its access is restricted. 4. Consider if the skill truly needs read access to raw session transcripts. | LLM | scripts/generate-dashboard.js:6 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jorgermp/task-monitor/scripts/start-server.sh:7 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jorgermp/task-monitor/scripts/stop-server.sh:3 | |
| MEDIUM | Unpinned npm dependency version Dependency 'express' is not pinned to an exact version ('^4.22.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/jorgermp/task-monitor/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/jorgermp/task-monitor/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/d6ce9e0f4ae8a8cf)
Powered by SkillShield