Security Audit
github
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
github received a trust score of 27/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: SSH key/config, Skill grants excessive permissions via broad GitHub CLI access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration SSH key/config file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/github/SKILL.md:342 | |
| CRITICAL | Skill grants excessive permissions via broad GitHub CLI access The skill exposes a comprehensive range of the `gh` (GitHub CLI) tool's capabilities, including highly sensitive operations. This allows an AI agent to perform actions such as making arbitrary GitHub API calls (`gh api`), managing GitHub secrets and variables (`gh secret set`, `gh variable set`), adding SSH and GPG keys to the user's account (`gh ssh-key add`, `gh gpg-key add`), and installing arbitrary `gh` extensions (`gh extension install`). Granting an AI agent such broad and powerful access without fine-grained control creates a critical risk of data exfiltration, account compromise, and potential for arbitrary code execution or persistent access if the agent is compromised or misinterprets instructions. The `gh api` command, in particular, provides a direct path to execute almost any action available through the GitHub API, effectively bypassing any granular restrictions the skill might otherwise impose. Implement a more granular skill design that restricts access to only necessary `gh` CLI subcommands and flags. Avoid exposing `gh api` directly. For highly sensitive operations like managing secrets, SSH keys, GPG keys, or extensions, consider requiring explicit human approval or implementing strict input validation and allowlisting of parameters. If full `gh` CLI access is truly required, ensure the agent operates within a highly sandboxed environment with minimal GitHub permissions and strict monitoring. | LLM | SKILL.md:200 | |
| HIGH | Sensitive path access: SSH key/config Access to SSH key/config path detected: '~/.ssh/id_ed25519'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/github/SKILL.md:342 |
Scan History
Embed Code
[](https://skillshield.io/report/13b0c3712bf8db3c)
Powered by SkillShield