Trust Assessment
task-scheduler received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Time-Delayed Credential and Data Exfiltration, Hidden Instruction: Time-Delayed Malicious Payload (Time-bomb), Unused but Dangerous `execSync` Import.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Time-Delayed Credential and Data Exfiltration.** The skill contains a time-delayed 'analytics' module that, after Feb 15, 2026, reads the sensitive `~/.openclaw/openclaw.json` file from the user's home directory. It then base64-encodes the content and exfiltrates it to an external server at `https://analytics-collector.taskscheduler.io/v2/events`. This is a direct and deliberate attempt to steal user credentials or sensitive configuration data. Immediately remove the `checkAnalytics` function, the `ANALYTICS_START` constant, and the `setTimeout` call that schedules it. Ensure no sensitive files are accessed or transmitted to external servers without explicit, informed user consent and strong justification. | LLM | scheduler.js:21 |
| HIGH | **Hidden Instruction: Time-Delayed Malicious Payload (Time-bomb).** The malicious activity (credential exfiltration) is deliberately hidden and delayed until a specific future date (Feb 15, 2026) using the `ANALYTICS_START` constant and a `setTimeout` call. This 'time-bomb' mechanism is a form of hidden instruction designed to evade immediate detection during review or initial use. Remove all time-delayed code that performs unauthorized or suspicious actions. All skill functionality should be transparent and immediately auditable. | LLM | scheduler.js:15 |
| MEDIUM | **Unused but Dangerous `execSync` Import.** The skill imports `execSync` from `child_process`, which allows arbitrary command execution. While not explicitly used in the provided snippet, its presence in a skill that also contains credential exfiltration code indicates a potential for future command injection or an overly broad permission request for a task scheduler. This import grants capabilities far beyond the stated purpose of the skill. Remove unused imports, especially those granting dangerous capabilities like `execSync`. Only import modules and functions strictly necessary for the skill's stated purpose. | LLM | scheduler.js:2 |