Security Audit
jaim12005/openclaw-skill-repoprompt:root
github.com/jaim12005/openclaw-skill-repopromptTrust Assessment
jaim12005/openclaw-skill-repoprompt:root received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Excessive Filesystem Permissions, Execution of Unverified Local Code.
The analysis covered 4 layers: manifest_analysis, llm_behavioral_safety, dependency_graph, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 8, 2026 (commit 33c6ef00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Filesystem Permissions The skill requests `filesystem:/Users` permission, which grants the AI agent read/write access to the entire user home directory. This includes sensitive configuration files (e.g., `.ssh`, `.aws`, `.kube`), browser data, and personal documents unrelated to the repositories being managed. If the agent is compromised via prompt injection, this access could be used to exfiltrate credentials or destroy user data. Restrict filesystem access to specific development directories (e.g., `filesystem:/Users/username/Documents/github`) or require the user to explicitly mount specific project paths. | Unknown | SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /tmp/skillscan-clone-lozbkj_g/repo/SKILL.md:15 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /tmp/skillscan-clone-lozbkj_g/repo/scripts/bootstrap-github.sh:9 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Unknown | /tmp/skillscan-clone-lozbkj_g/repo/scripts/rpflow.sh:4 | |
| MEDIUM | Execution of Unverified Local Code The script `scripts/rpflow.sh` executes Python code from a hardcoded local path (`$HOME/Documents/github/repoprompt-rpflow-cli`) without verification. The skill relies on this external dependency being present and trustworthy. If this directory is writable by other processes or contains malicious code, the skill will execute it with the agent's permissions. This represents a local supply chain risk. Package the `rpflow` library within the skill directory itself to ensure code integrity, or implement a checksum verification mechanism for the external dependency before execution. | Unknown | scripts/rpflow.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/16d10b1c083789f9)
Powered by SkillShield