Trust Assessment
transcriptapi received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 7 critical, 1 high, 0 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Unsanitized user input in shell command execution, Script has broad filesystem write access within home directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcriptapi/scripts/tapi-auth.js:467 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcriptapi/scripts/tapi-auth.js:468 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcriptapi/scripts/tapi-auth.js:472 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcriptapi/scripts/tapi-auth.js:473 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcriptapi/scripts/tapi-auth.js:581 | |
| CRITICAL | Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/therohitdas/transcriptapi/scripts/tapi-auth.js:688 | |
| CRITICAL | Unsanitized user input in shell command execution The skill instructs the agent to execute shell commands (`node ./scripts/tapi-auth.js`) using user-provided input (`USER_EMAIL`, `TOKEN_FROM_STEP_1`, `CODE`) directly interpolated into the command string. If the user input contains shell metacharacters (e.g., `;`, `&&`, `$()`), it can lead to arbitrary command injection and execution on the host system. The agent must sanitize or escape these inputs before execution. The agent must strictly sanitize or escape all user-provided inputs (`USER_EMAIL`, `TOKEN_FROM_STEP_1`, `CODE`) before constructing and executing shell commands. Alternatively, the skill should provide a programmatic interface (e.g., a Python function or a more robust CLI wrapper) that handles argument parsing securely, preventing direct shell interpolation of untrusted input. | LLM | SKILL.md:14 | |
| HIGH | Script has broad filesystem write access within home directory The `tapi-auth.js` script, intended for saving API keys, uses `fs.mkdirSync`, `fs.copyFileSync`, and `fs.writeFileSync` within the user's home directory (`os.homedir()`). While necessary for its stated purpose of writing to `~/.openclaw/openclaw.json` and creating backups, this broad access, especially when combined with the command injection vulnerability identified in `SKILL.md`, could allow an attacker to write to or overwrite arbitrary files within the user's home directory. Implement stricter file access controls if possible, or ensure that the calling agent sanitizes inputs to prevent command injection, which would mitigate the risk of this broad access being exploited. If the script only needs to write to a specific file, consider using a more confined method or validating the target path more rigorously. | LLM | scripts/tapi-auth.js:200 |
Scan History
Embed Code
[](https://skillshield.io/report/6f0a09dde7f4719e)
Powered by SkillShield