Trust Assessment
ticktick-linux received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. The findings are "Unquoted parameter in shell command allows direct command injection" (both critical, in the `ticktick_list` and `ticktick_create` tools) and "Quoted parameters vulnerable to shell escape sequences" (high); all three are instances of tool parameters being interpolated into shell command lines.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unquoted parameter in shell command allows direct command injection. The `status` parameter of the `ticktick_list` tool is interpolated into a shell command with no quoting or escaping, so whoever supplies the value controls the rest of the command line: `incomplete; rm -rf /` runs `rm -rf /`. Shell-escape every user-supplied parameter before interpolation. For `status`, wrap the value in single quotes and escape any embedded single quotes, or preferably use an escaping helper (or pass the value as a separate argument, outside any shell string) so the shell never parses it. | LLM | SKILL.md:26 |
| CRITICAL | Unquoted parameter in shell command allows direct command injection. The `priority` parameter of the `ticktick_create` tool is interpolated into a shell command with no quoting or escaping, so a malicious value appends arbitrary commands: `high; reboot` runs `reboot`. The fix is the same as for `status`: single-quote the value with embedded single quotes escaped, or use a helper that escapes robustly or bypasses the shell entirely. | LLM | SKILL.md:42 |
| HIGH | Quoted parameters vulnerable to shell escape sequences. Several parameters (`project`, `title`, `content`, `date`, `id`) are interpolated inside double quotes. Double quotes stop word splitting and globbing but the shell still interprets `"`, `$`, backtick and `\` inside them, so a value can close the quotes and append commands (`my_project" --evil-flag "value`, `my_project"; rm -rf /; #`) or run a command substitution without closing them at all (`$(...)`). Double quoting therefore does not prevent injection. Escape every shell metacharacter in user-supplied values (`"`, `'`, space, `&`, `|`, `;`, `<`, `>`, `(`, `)`, `$`, `` ` ``, `\`, `*`, `?`, `[`, `]`, `#`, `~`, `=`), or preferably pass arguments to the executable without shell interpretation (e.g. `subprocess.run` with an argument list and `shell=False` in Python). | LLM | SKILL.md:25 |
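The injection-and-fix pattern the three findings describe, as an added example that is not part of the SkillShield report or of the ticktick-linux skill itself. It does not run the skill's real commands: a Python one-liner that prints its first argument is a hypothetical stand-in for the wrapped CLI, and the `status`/`priority` allowlists are assumed vocabularies, not the skill's. The two unsafe functions mirror the bare and double-quoted interpolation from the findings (with `echo INJECTED` in place of `rm -rf /`), the hardened ones pass the value as a separate argv element or through `shlex.quote`, and the enum check shows that for fixed-vocabulary parameters an allowlist is stricter than any escaping.

```python
"""Shell-injection demo for skill tool parameters (added example, not the
skill's code). A Python one-liner that prints its first argument stands in
for the wrapped CLI so the effect of each interpolation style is observable."""
import shlex
import subprocess
import sys

# Hypothetical stand-in for the tool's underlying command line.
ECHO_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]
ECHO_CMD = " ".join(shlex.quote(part) for part in ECHO_ARGV)

# Assumed vocabularies for the enum-like parameters; the real skill's may differ.
ALLOWED_STATUS = frozenset({"complete", "incomplete"})
ALLOWED_PRIORITY = frozenset({"none", "low", "medium", "high"})


def _sh(cmd: str) -> str:
    """Run a command string through /bin/sh and return its stdout."""
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_unquoted(status: str) -> str:
    """VULNERABLE (mirrors the CRITICAL findings): bare interpolation, so the
    shell parses `;`, `|`, `$(...)` and friends inside the value."""
    return _sh(f"{ECHO_CMD} {status}")


def run_double_quoted(project: str) -> str:
    """VULNERABLE (mirrors the HIGH finding): double quotes stop word
    splitting, but `"`, `$`, backtick and backslash are still interpreted."""
    return _sh(f'{ECHO_CMD} "{project}"')


def run_argv(value: str) -> str:
    """HARDENED: no shell at all; the value is delivered as one argv entry."""
    return subprocess.run(ECHO_ARGV + [value], capture_output=True, text=True).stdout


def run_quoted(value: str) -> str:
    """HARDENED when a shell string is unavoidable: shlex.quote wraps the value
    in single quotes and escapes embedded single quotes, so nothing expands."""
    return _sh(f"{ECHO_CMD} {shlex.quote(value)}")


def check_enum(value: str, allowed: frozenset) -> str:
    """For fixed-vocabulary parameters, reject anything off the allowlist
    before it gets near a command line; stricter than escaping."""
    if value not in allowed:
        raise ValueError(f"rejected parameter value: {value!r}")
    return value


if __name__ == "__main__":
    cases = [
        ("unquoted", run_unquoted, "incomplete; echo INJECTED"),
        ("double-quoted, close quote", run_double_quoted, 'my_project"; echo INJECTED; #'),
        ("double-quoted, $()", run_double_quoted, "my_project$(echo INJECTED)"),
        ("argv list", run_argv, "incomplete; echo INJECTED"),
        ("shlex.quote", run_quoted, 'my_project"; echo INJECTED; #'),
    ]
    for name, fn, arg in cases:
        print(f"{name:28} -> {fn(arg)!r}")
```

Run it on a POSIX system: the two vulnerable variants print `INJECTED` on its own line (or spliced into the value, for the `$()` case), while the argv and `shlex.quote` variants print the attacker's string back verbatim as a single argument. The `$()` case is the one double quoting never helps with, since command substitution runs inside double quotes without closing them.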
Full report: https://skillshield.io/report/0cfd70f17512fa9e (powered by SkillShield)