Trust Assessment
agent-chat received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The findings are: password exposure via URL query parameter, password exposure via command-line arguments, and untrusted external source and unpinned dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Password exposure via URL query parameter | The skill's API documentation indicates that passwords can be passed as a query parameter (`?password=`) for authentication. This practice is highly insecure because passwords in URLs are often recorded in web server logs, proxy logs, and browser history, making them vulnerable to exfiltration and compromise. Modify the API to exclusively use the `X-Room-Password` header or other secure methods (e.g., bearer tokens) for authentication. Avoid passing sensitive information like passwords in URL query parameters. | LLM | SKILL.md:39 |
| HIGH | Untrusted external source and unpinned dependencies | The skill explicitly links to an external GitHub repository (`https://github.com/Olafs-World/agent-chat`) as its source and uses `clawhub install agent-chat` for installation. This introduces a significant supply chain risk, as the skill's code and its dependencies are fetched from an external, potentially untrusted third party. If the upstream repository is compromised, malicious code could be injected into the skill, affecting any agent or user running it. The use of `uv` also implies fetching potentially unpinned dependencies from package registries. For production environments, consider hosting the skill's code directly within a trusted ecosystem or using a verified, audited source. Pin all dependencies to specific versions or cryptographic hashes to prevent unexpected changes. Implement regular security audits of third-party code. | LLM | SKILL.md:42 |
| MEDIUM | Password exposure via command-line arguments | The skill instructs users to provide sensitive information (passwords) directly as command-line arguments (e.g., `--password SECRET`). This can expose the password to other users on the same system (via process listings like `ps`), to shell history files, and to system logs, increasing the risk of credential harvesting. Recommend using more secure methods for handling sensitive credentials, such as environment variables, interactive prompts, or secure configuration files. If command-line arguments are necessary, ensure they are masked or handled with extreme care. | LLM | SKILL.md:10 |