Skill Trust Decision

birthday

The birthday management skill contains undeclared network access (webhook, SMTP email) and undeclared shell execution (sendmail via the JS implementation), and is capable of transmitting sensitive personal data externally.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026

Files: 7
Artifacts: 0
Violations: 2
Findings: 4
Most direct threat evidence

Why this conclusion was reached

1/4 dimensions flagged

Declared vs actual capability: Block
2 undeclared or violating capabilities were inferred.

Hidden execution and egress: Pass
No obvious high-risk egress or execution signals were found.

Attack chain and severe findings: Pass
There is no explicit malicious chain in the report.

Dependencies and supply chain hygiene: Pass
Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Undeclared network access (Python) +15

SMTP email via smtplib and webhook via urllib.request not declared in SKILL.md

Undeclared shell execution (JS) +10

child_process.spawnSync for 'which sendmail' and 'sendmail' not declared in SKILL.md

Data exfiltration potential +10

Birthday records with names, birthdates, and masked ID cards can be sent to user-configured webhook URLs

Environment variable access +5

Script reads SMTP credentials from environment variables (BIRTHDAY_SMTP_*), but only for legitimate config purposes

Most important evidence

Medium · Doc Mismatch
Undeclared email notification channel

SKILL.md only documents the 'agent' notification channel, but the Python implementation includes full SMTP email support via smtplib.SMTP. The email channel requires the BIRTHDAY_SMTP_HOST, BIRTHDAY_SMTP_PORT, BIRTHDAY_SMTP_USERNAME and BIRTHDAY_SMTP_PASSWORD environment variables.

Location: scripts/birthday_manager.py:309
Recommendation: Add email channel documentation to SKILL.md if intentional, or remove the smtplib code

Medium · Doc Mismatch
Undeclared webhook notification channel

The Python implementation includes webhook support via urllib.request that POSTs notification data to user-configured URLs. This is not documented in SKILL.md.

Location: scripts/birthday_manager.py:316
Recommendation: Add webhook channel documentation to SKILL.md if intentional, or remove the urllib.request code

Medium · Doc Mismatch
Undeclared shell command execution (JS)

The JavaScript implementation uses child_process.spawnSync to execute 'which sendmail' and the sendmail binary for email notifications. This shell:WRITE capability is not declared in SKILL.md.

Location: scripts/birthday_manager.js:290
Recommendation: Document shell execution if email via sendmail is intentional, or refactor to use the Node.js net module
Low · Sensitive Access
Environment variable access for credentials

Both scripts read SMTP credentials from environment variables (BIRTHDAY_SMTP_HOST, BIRTHDAY_SMTP_PASSWORD, etc.) via the resolveConfigValue() function. This is legitimate for notification configuration but is not documented.

Location: scripts/birthday_manager.py:201
Recommendation: Document the required environment variables in SKILL.md under the notification configuration section

Declared capability vs actual capability

Dimension    Status  Declared  Inferred  Evidence
Filesystem   Pass    READ      WRITE     Both scripts read/write birthdays.json for data persistence - documented
Network      Block   NONE      WRITE     Python: smtplib.SMTP, urllib.request (webhook); JS: none; SKILL.md only declares agent channel
Shell        Block   NONE      WRITE     JS: child_process.spawnSync for 'which sendmail' and sendmail binary execution - not declared
Environment  Pass    NONE      READ      Scripts read SMTP config from env vars (BIRTHDAY_SMTP_*), but only for notification channel

Suspicious artifacts and egress

No obvious IOC was extracted.

Dependencies and supply chain

Package             Version  Source                          Known vuln  Notes
None (pure stdlib)  N/A      Python stdlib + Node.js stdlib  No          No npm dependencies in package.json, no pip requirements.txt - all code uses standard library only

File composition

7 files · 1752 lines
JavaScript · 1 file · 760 lines
Python · 1 file · 695 lines
Markdown · 2 files · 254 lines
JSON · 2 files · 39 lines
YAML · 1 file · 4 lines

Files of concern · 2
scripts/birthday_manager.py · Python · 695 lines
  Undeclared email notification channel · Undeclared webhook notification channel · Environment variable access for credentials
scripts/birthday_manager.js · JavaScript · 760 lines
  Undeclared shell command execution (JS)
Other files · SKILL.md · data-format.md · package.json · notification.json · openai.yaml

Security positives

ID card numbers are properly masked (first 6 and last 4 digits only)
No access to sensitive system paths (~/.ssh, ~/.aws, .env)
Package has zero third-party dependencies (no supply chain risk)
No base64-encoded or obfuscated code detected
No reverse shell, C2, or credential harvesting patterns
Email/webhook channels require explicit user configuration via notification.json
Webhook URL is user-controlled, not hardcoded to external servers
Lunar calendar conversion table is embedded (no external dependencies)
Both scripts are well-structured with proper error handling