Trust Assessment
things-mac received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings: the skill recommends granting Full Disk Access to the host application, and an unpinned dependency in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill recommends granting Full Disk Access to host application. The skill explicitly recommends granting 'Full Disk Access' to the calling application (e.g., `Clawdbot.app`) for the `things` CLI to read the local Things database. If `Clawdbot.app` is granted this broad permission, any skill running within it could potentially access and exfiltrate any file on the user's disk, not just the Things 3 database. This creates an overly broad attack surface and significantly increases the risk of data exfiltration or unauthorized access. Re-evaluate the necessity of 'Full Disk Access'. If absolutely required for the `things` CLI, consider whether `Clawdbot.app` should be the one granted this, or whether a more granular permission model can be achieved (e.g., sandboxing the `things` CLI itself, or using a dedicated helper process with limited scope). If not strictly necessary, remove the recommendation. | LLM | SKILL.md:10 |
| MEDIUM | Unpinned dependency in installation instructions. The `go install` command provided in the skill's setup instructions uses `@latest` for the `github.com/ossianhempel/things3-cli/cmd/things` module. This means that every time the skill is installed or updated, the latest version of `things3-cli` will be fetched. This introduces a supply chain risk, as a future version could silently introduce breaking changes, vulnerabilities, or even malicious code without explicit review or auditing. Pin the dependency to a specific, known-good version or commit hash (e.g., `@v1.2.3` or `@abcdef12345`). Regularly review and update the pinned version to ensure security and stability. | LLM | SKILL.md:7 |