Trust Assessment
ttt received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include: Potential Command Injection via `ttt` CLI arguments; Supply Chain Risk - Unpinned `npm` dependency for `ttt-cli` installation; and `ttt auth export` command exposes credentials to environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Potential Command Injection via `ttt` CLI arguments. The skill relies on executing the `ttt` CLI tool, which takes various string arguments (e.g., list names, todo text, notes, URLs, JSON payloads). If the AI agent constructs these commands by directly interpolating untrusted user input without proper shell escaping, a malicious user could inject arbitrary shell commands. For example, providing a list name like `'My List"; rm -rf /tmp; echo "'` could lead to arbitrary code execution. The `batch-add` and `batch-update` commands are particularly vulnerable as they accept complex JSON strings which, if not properly quoted and escaped for the shell, could also lead to injection. The AI agent's implementation must rigorously sanitize and shell-escape all user-provided input before passing it as arguments to the `ttt` binary. Use language-specific shell escaping functions (e.g., `shlex.quote` in Python) to prevent command injection. For JSON arguments, ensure the JSON is valid and then properly quoted as a single argument to the shell. | LLM | SKILL.md:40 |
| HIGH | Supply Chain Risk - Unpinned `npm` dependency for `ttt-cli` installation. The installation instructions for the `ttt` CLI tool use `npm install -g @ojschwa/ttt-cli` without specifying a version. This means the latest version will always be installed. This poses a supply chain risk, as a future malicious or buggy update to the `@ojschwa/ttt-cli` package could be automatically pulled in, potentially compromising the system or introducing vulnerabilities. Pin the `npm` dependency to a specific, known-good version (e.g., `npm install -g @ojschwa/ttt-cli@1.2.3`). Regularly review and update dependencies after verifying their integrity and security. | LLM | SKILL.md:10 |
| MEDIUM | `ttt auth export` command exposes credentials to environment variables. The `ttt auth export` command is designed to export user credentials as environment variables for scripting purposes. While this is a legitimate feature of the CLI, if the AI agent were to execute this command and then log, print, or transmit the environment variables, it could lead to unauthorized credential harvesting or data exfiltration. Additionally, any other process running in the same environment could potentially access these exposed credentials. The AI agent should only execute `ttt auth export` when explicitly authorized by the user and for a specific, secure purpose. Ensure that environment variables are not logged or transmitted without explicit user consent. Consider using more secure methods for credential management that avoid exposing them broadly in the environment. | LLM | SKILL.md:26 |