Trust Assessment
task-sync received a trust score of 23/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 2 high, 3 medium, and 0 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jp1222/task-sync/e2e_test.py:63 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_sync'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/jp1222/task-sync/e2e_test.py:63 | |
| HIGH | Arbitrary command execution via PYTHON_BIN environment variable The `e2e_test.py` script executes `sync.py` using `subprocess.run`. The Python interpreter path (`PYTHON_BIN`) is sourced directly from the `PYTHON_BIN` environment variable without validation. An attacker who can control this environment variable could inject and execute arbitrary shell commands, leading to full system compromise. Replace `os.environ.get("PYTHON_BIN", sys.executable or "python3")` with `sys.executable` to ensure the script is run with the current Python interpreter, or implement strict validation for the `PYTHON_BIN` environment variable to only allow known safe paths. | LLM | e2e_test.py:29 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jp1222/task-sync/scripts/setup_ticktick.py:11 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/jp1222/task-sync/utils/ticktick_api.py:5 | |
| MEDIUM | Unvalidated file paths from configuration allow arbitrary file read/write The skill loads file paths for OAuth tokens (`google_token`, `ticktick_token`), sync database (`sync_db`), and sync logs (`sync_log`) from `config.json` and environment variables. The `to_abs_path` utility function (used in setup scripts) and direct path usage in `sync.py` and API wrappers allow these paths to be absolute or resolved relative to `BASE_DIR`. If an attacker can modify `config.json` or environment variables, they can specify arbitrary file paths. This allows the skill to read sensitive files (data exfiltration) or overwrite/create files in arbitrary locations (data tampering/loss) when loading/saving these configuration-defined files. Implement strict validation for all file paths loaded from `config.json` or environment variables. Paths should be confined to a designated data directory (e.g., `BASE_DIR / "data"`) and explicitly disallow absolute paths or path traversal sequences (`..`). For example, ensure `Path(path_value).resolve().is_relative_to(BASE_DIR / "data")` before use. | LLM | scripts/setup_google_tasks.py:20 |
Scan History
Embed Code
[](https://skillshield.io/report/c3d4649ff4a25baa)
Powered by SkillShield