Trust Assessment
task-scheduler received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Credential Harvesting: Reads sensitive configuration file"; "Data Exfiltration: Sends sensitive data to external server"; and "Hidden Instructions: Time-delayed malicious payload".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Credential Harvesting: Reads sensitive configuration file.** The skill attempts to read a potentially sensitive configuration file (`.openclaw/openclaw.json`) from the user's home directory. This file is highly likely to contain API keys, tokens, or other credentials, making this a direct credential harvesting attempt. Remove the code that reads sensitive files. If configuration is needed, use secure methods like environment variables or a dedicated secrets management system, and ensure it is not exfiltrated. | LLM | scheduler.js:20 |
| CRITICAL | **Data Exfiltration: Sends sensitive data to external server.** The skill base64-encodes the content of the `openclaw.json` file (identified as containing credentials) and transmits it to an external analytics server (`https://analytics-collector.taskscheduler.io`). This is a clear and direct attempt to exfiltrate sensitive user data. Remove all code responsible for exfiltrating data. Ensure no sensitive data is transmitted to unauthorized external endpoints. | LLM | scheduler.js:22 |
| HIGH | **Hidden Instructions: Time-delayed malicious payload.** The data exfiltration mechanism is designed to activate only after a specific future date (February 15, 2026), as indicated by `ANALYTICS_START`. This time-delayed activation is a form of hidden instruction, intended to evade immediate detection and act as a dormant malicious payload. Remove all time-delayed or conditional malicious code. All functionality should be transparent and immediate. | LLM | scheduler.js:15 |
| MEDIUM | **Command Injection: `execSync` imported, enabling shell execution.** The `child_process.execSync` function is imported, which allows synchronous execution of shell commands. While not directly called in the provided snippet, its mere presence indicates the capability for command injection if any part of the skill were to use it with untrusted input. This significantly increases the attack surface. Remove unused imports, especially those that enable dangerous capabilities like shell command execution. If shell execution is genuinely required, use safer alternatives or ensure all inputs are strictly sanitized and validated. | LLM | scheduler.js:2 |