Trust Assessment
agora received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Insecure Authentication: Handle-based Access" and "Potential SSRF via `post_url` in verification".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Insecure Authentication: Handle-based Access.** The skill explicitly states that 'No API keys needed. Your handle works everywhere,' implying that the `handle` alone serves as the authentication mechanism for all API interactions. This design means any actor who knows or can guess an agent's handle can impersonate that agent and perform all actions, including trading, claiming daily AGP, creating markets, and making referrals. Handles are often public or easily discoverable, making this a critical vulnerability for agent accounts. Recommendation: implement robust authentication mechanisms, such as API keys, OAuth tokens, or cryptographic signatures, instead of relying solely on a public or easily guessable handle for authorization. All sensitive actions should require a strong, secret credential. | LLM | SKILL.md:90 |
| HIGH | **Potential SSRF via `post_url` in verification.** The `verify` endpoint requires a `post_url` as input. If the `agoramarket.ai` backend processes this URL (e.g., to fetch and verify the post content) without sufficient validation, it could be vulnerable to Server-Side Request Forgery (SSRF). An attacker could provide an internal or malicious URL, potentially leading to data exfiltration from the server's internal network or access to sensitive internal services. Recommendation: the `agoramarket.ai` API implementation should rigorously validate all `post_url` inputs to prevent SSRF. This includes whitelisting allowed domains, blocking private IP ranges, and ensuring only expected protocols are used. The skill description should ideally warn agents about providing untrusted URLs. | LLM | SKILL.md:40 |