Security Audit
slb
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
slb received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 4 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, File read + network send exfiltration, Remote code execution: curl/wget pipe to shell.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/slb/SKILL.md:37 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/slb/SKILL.md:476 | |
| CRITICAL | Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/slb/SKILL.md:37 | |
| CRITICAL | Untrusted script execution via curl | bash The installation instructions recommend piping a script directly from a remote URL into `bash`. This practice allows arbitrary code execution on the user's machine if the remote script or its hosting repository is compromised. There is no opportunity for the user to review the script's contents before execution. Avoid piping remote scripts directly to a shell. Instead, download the script, review its contents for malicious or unintended actions, and then execute it locally. For production environments, consider using package managers, signed binaries, or audited installation methods. | Static | SKILL.md:50 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/slb/SKILL.md:476 | |
| HIGH | Unpinned dependency in go install command The `go install` command uses `@latest` to fetch the latest version of the `slb` tool. This means that future installations or updates could pull a compromised version of the tool if the upstream repository (`github.com/Dicklesworthstone/slb`) is maliciously modified. Without pinning to a specific version, the integrity of the installed tool cannot be guaranteed over time. Pin dependencies to specific, immutable versions (e.g., `github.com/Dicklesworthstone/slb/cmd/slb@v1.2.3`) to ensure reproducibility and prevent unexpected malicious updates. Regularly audit and manually update to new versions after review. | Static | SKILL.md:53 |
Scan History
Embed Code
[](https://skillshield.io/report/7a729406281650bb)
Powered by SkillShield