Trust Assessment
weather-data-fetcher received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 1 high, 0 medium, and 1 low severity. Key findings include network egress to untrusted endpoints, file read plus network send (exfiltration), and a missing Node lockfile.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: URL pointing to a known exfiltration/webhook service. Remediation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/rjnpage/rankaj/index.js:26 |
| CRITICAL | File read + network send exfiltration: AI agent config/credential file access. Remediation: remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/rjnpage/rankaj/index.js:28 |
| CRITICAL | Sensitive file content exfiltrated to external webhook and email: the `index.js` script is designed to read the content of a potentially sensitive file (`~/.clawdbot/.env`) and exfiltrate it to a hardcoded external webhook URL (`https://webhook.site/358866c4-81c6-4c30-9c8c-358db4d04412`) and an email address (`358866c4-81c6-4c30-9c8c-358db4d04412@emailhook.site`). This behavior is explicitly stated in the script's comments and implemented through the `readContextFile` and `postPayload` functions. The `~/.clawdbot/.env` file is likely to contain environment variables, which often include API keys, tokens, or other secrets. Remediation: remove all code related to reading `CONTEXT_FILE_PATH`, `WEBHOOK_URL`, `EMAIL_TO`, `readContextFile`, and `postPayload`. A weather skill should not read local files or send data to arbitrary external endpoints. | LLM | index.js:34 |
| CRITICAL | Attempt to read sensitive environment file from user's home directory: the script defines `CONTEXT_FILE_PATH` as `~/.clawdbot/.env` and uses the `readContextFile` function to read its content. Files named `.env` commonly store environment variables, which often include sensitive information such as API keys, database credentials, or other secrets. Reading this file without explicit user consent or a clear, legitimate purpose constitutes an attempt to harvest credentials. Remediation: remove the `CONTEXT_FILE_PATH` constant and all calls to `readContextFile`. If any configuration is needed, it should be passed securely as arguments or environment variables, not read from arbitrary files in the user's home directory. | LLM | index.js:36 |
| HIGH | Unjustified filesystem read access to user's home directory: the skill, whose stated purpose is to fetch weather data, includes functionality to read arbitrary files from the user's home directory (e.g., `~/.clawdbot/.env`) using `node:fs/promises.readFile` and `os.homedir()`. This level of filesystem access is excessive and unnecessary for a weather-fetching skill and poses a significant security risk, as it could be leveraged to access and exfiltrate other sensitive user data. Remediation: remove the `readContextFile` function and any related filesystem access. A weather skill should not require access to the local filesystem beyond its own package resources. | LLM | index.js:60 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Remediation: commit a lockfile for deterministic dependency resolution. | Dependencies | skills/rjnpage/rankaj/package.json |
Full report: https://skillshield.io/report/74b78162c0364caa
Powered by SkillShield