Trust Assessment
agentguard received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via user-provided path in 'scan' subcommand, Undeclared 'Write' permission for config file management.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via user-provided path in 'scan' subcommand: The 'scan' subcommand instructs the agent to construct and execute a 'node' command using a user-provided path: `node scripts/trust-cli.ts hash --path <scanned_path>`. If the `<scanned_path>` argument, which originates from user input, is not properly sanitized, an attacker could inject shell metacharacters (e.g., `'; rm -rf /'`) to execute arbitrary commands on the host system. The skill's declared `Bash(node *)` permission allows this execution. Remediation: implement robust input sanitization or validation for the `<path>` argument before using it in shell commands. Ensure that only valid file paths are accepted and that no shell metacharacters can be injected. Consider using a tool execution mechanism that passes arguments as an array rather than a single string to prevent shell injection. | LLM | SKILL.md:127 |
| HIGH | Undeclared 'Write' permission for config file management: The skill's manifest declares `Read, Grep, Glob, Bash(node *)` permissions. However, the 'config' subcommand explicitly instructs the agent to 'Write the config to `~/.agentguard/config.json`'. This indicates a requirement for `Write` permission that is not declared in the manifest. If the skill can indeed write to the filesystem, this permission should be explicitly declared for transparency and proper security assessment. Remediation: update the skill's manifest to explicitly declare the `Write` permission if it is indeed required for the skill's functionality. If `Write` is not intended, remove the instruction to write the config file or find an alternative method that does not require `Write` access. | LLM | SKILL.md:320 |
Full report: https://skillshield.io/report/16840015d1752c31
Powered by SkillShield