Key Expiry Tracker

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious due to a potential shell injection vulnerability in `scripts/check-credentials.sh`. The `date -d "$EXPIRES"` command, while intended for date parsing, could execute arbitrary commands if the `expires` field in the `~/.openclaw/workspace/.credentials.json` file is maliciously crafted (e.g., `2026-03-15T00:00:00Z; malicious_command`). Although the skill explicitly states it does not handle credential values and the `SKILL.md` does not contain prompt injection, this vulnerability, combined with the necessary `filesystem` permission, presents a risk if the input JSON file is compromised or manipulated.