Security Audit

openclaw-nextcloud

github.com/keithvassallomt/openclaw-nextcloud

AI SkillCommit 3a10a5a06058

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

openclaw-nextcloud received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Excessive 'Bash Read' permission declared, Unpinned or broadly pinned dependencies.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 17, 2026 (commit 3a10a5a0). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

98%

Dependency Graph

93%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
MEDIUM	Unpinned npm dependency version Dependency 'date-fns' is not pinned to an exact version ('^2.30.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	package.json
LOW	Excessive 'Bash Read' permission declared The skill declares 'Bash Read' permission, which grants broad access to the local filesystem. However, the provided Node.js script (index.js) primarily focuses on network interactions with Nextcloud and does not appear to actively utilize local filesystem read operations (e.g., fs.readFileSync) in its current implementation. While the 'fs' module is imported, its active usage is limited to writing to Nextcloud via WebDAV, not reading local files. This permission may be broader than necessary for the skill's stated functionality, increasing the attack surface if the skill were to be modified or if the agent were to misinterpret its capabilities. Review the necessity of the 'Bash Read' permission. If the skill does not require reading local files, remove this permission. If it is needed for specific, limited purposes, consider declaring more granular permissions or providing a clear justification for its use.	Static	SKILL.md:10
INFO	Unpinned or broadly pinned dependencies The 'package.json' file uses caret (^) ranges for dependencies (e.g., 'date-fns: "^2.30.0"', 'fast-xml-parser: "^5.3.4"', 'node-fetch: "^3.3.2"'). While 'package-lock.json' pins exact versions, using caret ranges in 'package.json' allows for automatic updates to minor and patch versions, which could potentially introduce breaking changes or vulnerabilities if a malicious update were to occur in the future. For security-critical applications, strictly pinned dependencies are often preferred. Consider using exact version pinning (e.g., '"date-fns": "2.30.0"') or tilde (~) ranges for dependencies to ensure greater control over installed package versions and reduce the risk of unexpected changes or supply chain attacks. Regularly audit dependencies for known vulnerabilities.	Static	package.json:13

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/a0ad5a36270da25d.svg)](https://skillshield.io/report/a0ad5a36270da25d)