Trust Assessment
blinko received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. The findings are "Untrusted content attempts to instruct LLM behavior" (critical), "API key potentially exfiltrated to example domain" (high), and "Suspicious import: urllib.request" (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Untrusted content attempts to instruct LLM behavior.** The `SKILL.md` file, which is marked as untrusted input, contains instructions intended for the host LLM. Specifically, it dictates interaction patterns such as requiring explicit confirmation before destructive actions ('Always confirm explicitly ("OK vas-y") before: deleting notes, deleting tags'). Following these instructions would mean the LLM is being steered by untrusted content, which is a form of prompt injection. The host LLM should be configured to ignore any instructions found within untrusted content delimiters; the skill's operational logic (e.g., requiring `--yes` for deletion) should be enforced by the tool code, not by LLM instructions from untrusted sources. | LLM | SKILL.md:30 |
| HIGH | **API key potentially exfiltrated to example domain.** The `scripts/blinko.py` helper script uses `BLINKO_API_KEY` for authentication. If the `BLINKO_BASE_URL` environment variable is not explicitly set by the user, it defaults to `https://blinko.exemple.com`. The domain `exemple.com` is reserved for documentation and examples and is not intended for live services. An attacker could register this domain, causing the `BLINKO_API_KEY` to be sent to a malicious server and compromising user credentials. Change `DEFAULT_BASE_URL` to a legitimate, controlled domain, or remove the default entirely so that the user must explicitly set `BLINKO_BASE_URL`. If a default is absolutely necessary, it must be a domain controlled by the legitimate service provider. | LLM | scripts/blinko.py:20 |
| MEDIUM | **Suspicious import: urllib.request.** Import of `urllib.request` detected. This module provides network or low-level system access. Verify that this import is necessary; network and system modules in skill code may indicate data exfiltration. | Static | skills/vellis59/openclaw-skill-blinko/scripts/blinko.py:21 |
Full report: https://skillshield.io/report/3bf1420edc40387c