Trust Assessment
camoufox received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 5 critical, 1 high, 2 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Sensitive environment variable access: $HOME, Unpinned Python dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/goodgoodjm/camoufox/scripts/browse.py:28 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/goodgoodjm/camoufox/scripts/browse.py:37 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/goodgoodjm/camoufox/scripts/login_session.py:37 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/goodgoodjm/camoufox/scripts/login_session.py:41 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/goodgoodjm/camoufox/scripts/login_session.py:49 |
| HIGH | Unpinned Python dependency | The `scripts/setup.sh` script installs the `camoufox` Python package without specifying a version. This makes the skill vulnerable to supply chain attacks, where a malicious actor could publish a new version of `camoufox` with arbitrary code, which would then be installed and executed by the skill when `setup.sh` is run. | Pin the dependency to a specific version (e.g., `pip install camoufox==1.2.3`) or use a `requirements.txt` with hashed dependencies to ensure deterministic installations. | LLM | scripts/setup.sh:30 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/goodgoodjm/camoufox/scripts/setup.sh:7 |
| MEDIUM | Skill setup requires `sudo` for system-wide installations | The `scripts/setup.sh` script uses `sudo apt install` to install system-level packages (`python3-venv`, `python3-full`, `xvfb`). This requires the executing user or agent to have `sudo` privileges and potentially interact with a password prompt. Granting `sudo` access to an automated agent or skill increases the attack surface, as a compromised skill could leverage these privileges for broader system compromise. | If possible, avoid system-wide installations requiring `sudo`. Consider using containerized environments (e.g., Docker) where dependencies are managed within the container, or instruct users to manually install prerequisites. If `sudo` is unavoidable, clearly document the necessity and potential risks. | LLM | scripts/setup.sh:18 |
| LOW | Persistent browser profile stores sensitive session data | The skill uses a persistent browser profile (`~/.openclaw/camoufox-profile`) to store session data, including cookies and local storage. While this is intended for maintaining sessions across runs, this directory contains sensitive information that, if accessed by unauthorized entities (e.g., other compromised skills or malware), could lead to session hijacking or credential theft. The `login_session.py` script explicitly saves manual login sessions to this profile. | Implement strict access controls on the `~/.openclaw/camoufox-profile` directory. Educate users about the sensitive nature of this data. Consider options for encrypting the profile data at rest or providing mechanisms for users to clear the profile when not needed. | LLM | SKILL.md:30 |
Full report: https://skillshield.io/report/3c1c7e90ea808e54