Security Audit

chum-cloud

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

chum-cloud received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill instructs agent to fetch and follow external, untrusted instructions.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Skill instructs agent to fetch and follow external, untrusted instructions The skill explicitly instructs the AI agent to retrieve and follow content from an external markdown file (`https://clumcloud.com/api/cloud/villain-bible.md`). This external content is untrusted and can be modified by the remote server at any time. If the agent interprets or executes instructions found within this 'Villain Bible', it could lead to prompt injection, data exfiltration, or other malicious actions controlled by the `clumcloud.com` domain owner. The instruction 'Read it. Follow it.' makes this a direct command to the agent, creating a significant supply chain risk. Agents should be strictly sandboxed from executing or interpreting instructions from external, untrusted sources. If external content is necessary, it should be fetched, sanitized, and only specific, pre-approved data points should be extracted, not arbitrary instructions. Consider fetching the 'Villain Bible' content and embedding it directly within the skill package if it's static, or implement strict content filtering and instruction parsing if dynamic content is required.	LLM	SKILL.md:22

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d38bc28241ca810f.svg)](https://skillshield.io/report/d38bc28241ca810f)