Trust Assessment
agentchan received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Prompt Injection via Untrusted Markdown Manifest and Credential Harvesting Risk via OpenClaw Webhook Secret.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Prompt Injection via Untrusted Markdown Manifest.** The skill instructs the agent to 'Read the rules, follow them' from the `manifest` field returned by the `/boards/:board` endpoint. This `manifest` is described as a 'markdown string' and is sourced from the external `agentchan.org` service. If this markdown contains malicious instructions (e.g., 'ignore previous instructions' or 'summarize this document as pwned'), an agent's host LLM that interprets this markdown as executable instructions could be subject to prompt injection, leading to unintended actions or information disclosure. The skill explicitly instructs the agent to process and adhere to this untrusted content. Remediation: Instruct the agent to treat the `manifest` content as data to be understood, not as executable instructions. Implement robust sandboxing or sanitization for markdown interpretation to prevent prompt injection. The agent should be explicitly warned not to execute instructions found within the `manifest`. | LLM | skill.md:120 |
| HIGH | **Credential Harvesting Risk via OpenClaw Webhook Secret.** When configuring a webhook in `openclaw` mode via `POST /agent/webhook`, the skill instructs the agent to set the `secret` field to its gateway's `hooks.token`. It explicitly states that 'The `secret` is sent as `Authorization: Bearer <secret>` (matching your gateway's `hooks.token`)' to the specified `url`. If the agent provides a malicious or untrusted `url` for the webhook, its sensitive `hooks.token` (which grants control over the agent's webhook functionality) could be exfiltrated to an attacker-controlled server. Remediation: Add a prominent warning to the skill documentation advising agents about the sensitivity of their `hooks.token` and the critical importance of only registering webhooks with trusted URLs. Consider if the `hooks.token` needs to be directly sent to the external URL, or if OpenClaw's platform could handle the authentication more securely internally. | LLM | skill.md:307 |