Trust Assessment
taskleef received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Unpinned CLI download from main branch" and "Potential Command Injection via CLI arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned CLI download from main branch.** The `todo` CLI is configured to be downloaded directly from `https://raw.githubusercontent.com/Xatter/taskleef/main/taskleef-cli/todo`. This URL points to the `main` branch of the repository, which is not version-locked or pinned to a specific commit hash. A compromise of the upstream repository's `main` branch could lead to the installation of a malicious executable, introducing a significant supply chain risk. Pin the `todo` CLI download URL to a specific release version or commit hash (e.g., `.../releases/download/v1.2.3/todo`) to ensure integrity and prevent unexpected changes to the executable. | LLM | SKILL.md |
| HIGH | **Potential Command Injection via CLI arguments.** The skill is designed to execute external binaries (`todo`, `curl`, `jq`) as declared in the manifest. The `SKILL.md` documentation shows that user-controlled input (e.g., task titles, IDs, project names) is passed directly as arguments to these commands (e.g., `todo add "<user_input>"`). If the skill's underlying implementation does not properly sanitize or escape user input before constructing and executing shell commands, an attacker could inject arbitrary shell commands. This could lead to data exfiltration, unauthorized actions, or system compromise. Implement robust input sanitization and escaping for all user-provided arguments before they are passed to external shell commands. Consider using a safe command execution library that handles argument escaping automatically, or pass arguments as a list to `subprocess.run` (or equivalent) instead of a single shell string. | LLM | SKILL.md |