Trust Assessment
arc-shield received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 2 critical, 0 high, 9 medium, and 0 low severity. Key findings include Hardcoded AWS Access Key detected, Potential hardcoded secret (high entropy), Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/arc-claw-bot/arc-shield/examples/demo.sh:60 | |
| CRITICAL | Hardcoded AWS Access Key detected A hardcoded AWS Access Key was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/arc-claw-bot/arc-shield/tests/quick-test.sh:97 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.66) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/examples/demo.sh:61 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=5.09) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/quick-test.sh:19 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=5.09) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/quick-test.sh:24 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.78) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/quick-test.sh:59 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.78) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/quick-test.sh:70 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=5.11) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/quick-test.sh:88 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=5.11) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/run-tests.sh:104 | |
| MEDIUM | Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.78) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values. | Static | skills/arc-claw-bot/arc-shield/tests/run-tests.sh:141 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/arc-claw-bot/arc-shield/examples/integration-agent.sh:7 |
Scan History
Embed Code
[](https://skillshield.io/report/adcffaa58456e285)
Powered by SkillShield