Trust Assessment
zoho-email received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 20 findings: 4 critical, 6 high, 9 medium, and 1 low severity. Key findings include arbitrary command execution, hidden network beacons / undisclosed telemetry, and a dangerous call to `subprocess.run()`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (20)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/briansmith80/zoho-email-integration/scripts/clawdbot_extension.py:65 |
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/briansmith80/zoho-email-integration/examples/clawdbot-extension/email-command.js:14 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/briansmith80/zoho-email-integration/examples/clawdbot-extension/email-command.js:40 |
| CRITICAL | Shell command injection via execSync: The `email-command.js` script constructs a shell command string using user-supplied arguments and executes it via `execSync`. While it attempts to quote arguments, this method is vulnerable to injection if an argument contains a double quote, allowing an attacker to break out of the quoted string and execute arbitrary shell commands. For example, an argument like `foo" ; rm -rf / #` would be improperly escaped, leading to `rm -rf /` execution. Avoid constructing shell command strings with user input. Instead, pass arguments as a list to `child_process.spawn` or `child_process.execFile`, which handle proper escaping automatically. If `execSync` must be used, implement robust, context-aware escaping for all user-controlled parts of the command string, or use a library designed for safe shell command construction. | LLM | examples/clawdbot-extension/email-command.js:29 |
| HIGH | Hidden network beacons / undisclosed telemetry: BCC field manipulation in email sending code. Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:1124 |
| HIGH | Hidden network beacons / undisclosed telemetry: BCC field manipulation in email sending code. Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:1210 |
| HIGH | Dangerous call `subprocess.run()`: Call to `subprocess.run()` detected in function `run_command`. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/briansmith80/zoho-email-integration/scripts/clawdbot_extension.py:65 |
| HIGH | Sensitive path access (AI agent config): Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/briansmith80/zoho-email-integration/examples/morning-briefing.sh:6 |
| HIGH | Sensitive path access (AI agent config): Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/briansmith80/zoho-email-integration/examples/vip-monitor.sh:6 |
| HIGH | Arbitrary file read/write via path traversal: The `ZohoEmail` class in `scripts/zoho-email.py` directly uses user-provided file paths for attachment handling without proper sanitization or restriction to a safe directory. In `send_email_with_attachment`, it opens `attachment_path` for reading, and in `download_attachment`, it writes to `output_path`. If a malicious user can control these paths (e.g., via a Clawdbot command like `/email send ... --attach /etc/passwd` or `/email download ... /tmp/malicious_file`), they could read sensitive files from the system or write arbitrary files to arbitrary locations, potentially leading to privilege escalation or data exfiltration. Implement strict input validation and sanitization for all file paths provided by users. Restrict file operations to a designated, isolated directory (e.g., a temporary upload/download folder). Use `os.path.basename()` to prevent path traversal components like `../` and ensure that the final path is within the allowed directory. For downloads, consider generating unique, non-guessable filenames. | LLM | scripts/zoho-email.py:1025 |
| MEDIUM | Suspicious import `socket`: Import of `socket` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/oauth-setup.py:11 |
| MEDIUM | Suspicious import `urllib.request`: Import of `urllib.request` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/oauth-setup.py:99 |
| MEDIUM | Suspicious import `urllib.request`: Import of `urllib.request` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/oauth-setup.py:126 |
| MEDIUM | Suspicious import `socket`: Import of `socket` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:19 |
| MEDIUM | Suspicious import `urllib.request`: Import of `urllib.request` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:75 |
| MEDIUM | Suspicious import `requests`: Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:114 |
| MEDIUM | Suspicious import `requests`: Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:141 |
| MEDIUM | Suspicious import `urllib.request`: Import of `urllib.request` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/briansmith80/zoho-email-integration/scripts/zoho-email.py:1808 |
| MEDIUM | Unpinned Python dependency version: Requirement `requests>=2.31.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | skills/briansmith80/zoho-email-integration/requirements.txt:4 |
| LOW | Unpinned dependency version: The `requirements.txt` file specifies the `requests` library with a minimum version (`requests>=2.31.0`) rather than an exact version pin (`requests==2.31.0`). While `requests` is a widely used and generally trusted library, using unpinned or loosely pinned dependencies can introduce supply chain risks. Future versions of the dependency might introduce breaking changes, new vulnerabilities, or unexpected behavior, which could affect the skill's stability or security without explicit review. Pin all direct and transitive dependencies to exact versions using `==` (e.g., `requests==2.31.0`). This ensures that the exact same set of dependencies is installed every time, improving reproducibility and reducing the risk of unexpected changes or vulnerabilities introduced by new dependency versions. Tools like `pip-compile` or `pip freeze > requirements.txt` can help manage this. | LLM | requirements.txt:4 |
Full report: https://skillshield.io/report/3f837f2e053a7a6f