Trust Assessment
agent-earner received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary file read via 'submit' command argument The `submitWork` function directly uses a user-provided file path (`workOrFilePath` from CLI arguments) in `fs.readFileSync` without proper validation or restriction to a sandboxed directory. While `fs.existsSync` and `fs.statSync().isFile()` prevent reading non-existent paths or directories, a malicious actor could instruct the agent to submit sensitive files (e.g., `.env` files, SSH keys, system configuration files like `/etc/passwd`) from the agent's workspace or system. The content of these files would then be sent to the ClawTasks or OpenWork API, leading to data exfiltration. The `SKILL.md` recommends saving work to `temp/bounties/`, but the code does not enforce this restriction. Implement strict path validation in the `submitWork` function. Ensure that any `filePath` provided by the user is resolved within a designated, sandboxed directory (e.g., `path.resolve(process.cwd(), 'temp', 'bounties')`) and reject any paths that attempt to access files outside this allowed scope. For example, check if the resolved path starts with the allowed base directory. | LLM | index.js:200 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/autogame-17/openclaw-earner/index.js:105 | |
| MEDIUM | Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^14.0.3'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/autogame-17/openclaw-earner/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/autogame-17/openclaw-earner/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/3686f0bdcc25e864)
Powered by SkillShield