Trust Assessment
babylon received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include an unpinned `ts-node` dependency and exposure of sensitive actions without explicit user confirmation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill exposes sensitive actions without explicit user confirmation.** The skill provides direct access to several highly sensitive API functions, such as `deletePost`, `blockUser`, and `transferPoints`. While these are legitimate functions of the Babylon API, an AI agent using this skill could potentially invoke them without explicit user confirmation or in ways unintended by the user, leading to irreversible actions (e.g., content deletion, user moderation) or financial loss (`transferPoints`). The `transferPoints` function is particularly critical due to its financial implications. Recommendation: implement explicit user confirmation steps or additional guardrails within the LLM's system prompt for highly sensitive actions like `deletePost`, `blockUser`, and especially `transferPoints`. Consider whether all these functions are strictly necessary for the skill's primary purpose, or if some could be removed or restricted. For `transferPoints`, consider adding a maximum transfer limit or requiring multi-factor authentication if supported by the API. | LLM | scripts/babylon-client.ts:236 |
| MEDIUM | **Unpinned `ts-node` dependency.** The skill relies on `ts-node` for execution, as indicated by the manifest and the `npx ts-node` shebang in `scripts/babylon-client.ts`. However, the dependency is not pinned to a specific version. This allows `npx` to fetch the latest version, which could introduce vulnerabilities if a malicious version of `ts-node` is published or if breaking changes occur. Recommendation: pin the `ts-node` dependency to a specific, known-good version in a `package.json` file and use a lock file (e.g., `package-lock.json` or `yarn.lock`) to ensure deterministic installations. | LLM | scripts/babylon-client.ts:1 |