Trust Assessment
clawdbot-release-check received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 3 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME" and "User-controlled input embedded in LLM-interpreted payload".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | clawdbot/clawdbot-release-check/scripts/check.sh:7 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | clawdbot/clawdbot-release-check/scripts/setup.sh:43 |
| MEDIUM | User-controlled input embedded in LLM-interpreted payload. The `scripts/setup.sh` script constructs a cron job payload in JSON format, which is intended to be interpreted by an LLM-driven gateway. The `channel` and `to` fields within this payload are directly populated by user-controlled command-line arguments (`--channel` and `--telegram`). If the `clawdis` gateway's LLM prompt construction does not adequately sanitize or escape these values before incorporating them into a prompt, a malicious user could inject arbitrary instructions into the LLM by providing specially crafted strings for `--channel` or `--telegram`. This could lead to unintended agent actions, data manipulation, or other security breaches. Recommendation: implement strict validation for user-provided `--channel` and `--telegram` arguments in `scripts/setup.sh` to ensure they conform to expected formats (e.g., a whitelist of channel names, numeric IDs for Telegram). Additionally, the `clawdis` gateway should implement robust sanitization and escaping mechanisms for all user-controlled fields within LLM prompts to prevent prompt injection. | LLM | scripts/setup.sh:86 |