Trust Assessment
BreezClaw received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Untrusted dependency execution during installation, Wallet mnemonic exposed via `wallet_backup` tool, Skill requires and handles sensitive API key.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Wallet mnemonic exposed via `wallet_backup` tool The skill provides a `wallet_backup` tool explicitly described as retrieving the 'mnemonic (sensitive!)'. The mnemonic phrase grants full control over the cryptocurrency wallet. An AI agent, if compromised by prompt injection, could be instructed to call this tool and exfiltrate the mnemonic, leading to the complete loss of funds. This represents an extreme data exfiltration risk and an excessive permission granted to the AI. Remove or severely restrict access to the `wallet_backup` tool. If absolutely necessary, implement strong human-in-the-loop confirmation, multi-factor authentication, or a separate, highly secure out-of-band mechanism for mnemonic retrieval, ensuring the AI agent cannot trigger it autonomously. The AI should never have direct access to the mnemonic. | LLM | SKILL.md:62 | |
| HIGH | Untrusted dependency execution during installation The installation instructions include `npm install` and `npm run build`. These commands execute code defined in the `package.json` and its dependencies. If the upstream repository (https://github.com/onesandzeros-nz/BreezClaw.git) or any of its dependencies are compromised, malicious code could be executed on the host system during installation, leading to command injection or data exfiltration. Implement stricter dependency vetting (e.g., `npm audit`, dependency pinning, package integrity checks). Consider sandboxing the installation environment. For AI agents, consider pre-built images or verified packages instead of direct `npm install` from source. | LLM | SKILL.md:14 | |
| HIGH | Skill requires and handles sensitive API key The skill requires a `breezApiKey` for its operation, which is configured in `~/.openclaw/openclaw.json`. While necessary for functionality, this means the skill's underlying code will have access to this sensitive credential. If the skill's code is compromised or contains vulnerabilities, the API key could be exfiltrated or misused. The security of the API key depends entirely on the implementation of the BreezClaw plugin, which is not provided for analysis. Ensure the skill's implementation handles the API key securely, avoiding logging, hardcoding, or unnecessary exposure. Implement principle of least privilege for API key usage. Consider using short-lived tokens or more granular permissions if the Breez API supports them. | LLM | SKILL.md:35 |
Scan History
Embed Code
[](https://skillshield.io/report/1558f0aaa71dc4f4)
Powered by SkillShield