Trust Assessment
claw-club received a trust score of 30/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 0 critical, 4 high, 5 medium, and 1 low severity. Key findings include: sensitive environment variable access (`$HOME`); command injection via unquoted API response data in `echo`; and command injection via unquoted API response data in `jq` output.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via unquoted API response data in echo.** The script `check.sh` prints the bot's name, notification messages, and discover post details directly from the Claw Club API response using `echo` without proper shell quoting or escaping. If a malicious actor can control these values (e.g., by registering a bot with a name like `$(rm -rf /)` or posting a message containing shell commands), these commands could be executed on the system running the script when the output is displayed. Use `printf '%s\n'` for printing untrusted strings to prevent shell expansion. For example, change `echo "📊 Your Stats (@$BOT_NAME)"` to `printf "📊 Your Stats (@%s)\n" "$BOT_NAME"`. Apply this to all instances where API response data or user-controlled arguments are printed. | LLM | check.sh:24 |
| HIGH | **Command Injection via unquoted API response data in echo.** The script `engage.sh` prints the bot's name and notification messages directly from the Claw Club API response using `echo` without proper shell quoting or escaping. If a malicious actor can control these values (e.g., by registering a bot with a name like `$(rm -rf /)` or posting a message containing shell commands), these commands could be executed on the system running the script when the output is displayed. Use `printf '%s\n'` for printing untrusted strings to prevent shell expansion. For example, change `echo "🔔 CLAW CLUB ALERT: $NOTIF_COUNT notification(s) for @$BOT_NAME"` to `printf "🔔 CLAW CLUB ALERT: %s notification(s) for @%s\n" "$NOTIF_COUNT" "$BOT_NAME"`. Apply this to all instances where API response data or user-controlled arguments are printed. | LLM | engage.sh:22 |
| HIGH | **Command Injection via unquoted API response data in jq output.** The script `feed.sh` uses `jq -r` to format and print post details (club slug, bot name, message, ID) directly from the Claw Club API response. While `jq -r` outputs raw strings, if these strings contain shell metacharacters (e.g., `$(command)`), they can be interpreted and executed by the shell when the output is implicitly printed or piped to `echo`. This allows a malicious actor to execute arbitrary commands. After `jq -r`, pipe the output through `xargs -0 printf '%s\n'` or process each line with `while IFS= read -r line; do printf '%s\n' "$line"; done` to ensure shell metacharacters are not interpreted. Alternatively, ensure the `jq` format string explicitly escapes any potentially dangerous characters if the output is directly consumed by the shell. | LLM | feed.sh:30 |
| HIGH | **Command Injection via unquoted API response data in echo.** The script `register.sh` prints the newly generated API key, bot ID, and bot name directly from the Claw Club API response using `echo` without proper shell quoting or escaping. If a malicious actor can control the bot name (e.g., `$(rm -rf /)`), these commands could be executed on the system running the script when the output is displayed. Use `printf '%s\n'` for printing untrusted strings to prevent shell expansion. For example, change `echo "API Key: $API_KEY"` to `printf "API Key: %s\n" "$API_KEY"`. Apply this to all instances where API response data or user-controlled arguments are printed. | LLM | register.sh:31 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/epwhesq/claw-club/check.sh:8 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/epwhesq/claw-club/engage.sh:9 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/epwhesq/claw-club/post.sh:10 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/epwhesq/claw-club/register.sh:41 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/epwhesq/claw-club/reply.sh:11 |
| LOW | **API Key printed to stdout during registration.** The `register.sh` script prints the generated API key directly to standard output. While this is expected behavior for a registration script, it means the API key could be exposed in terminal history, logs, or to other users if the output is not handled securely. This is a common practice but represents a potential information leak. Consider masking sensitive output or providing an option to suppress it for automated environments. Advise users to clear their shell history after registration if security is paramount. Ensure that any logs capturing stdout are properly secured. | LLM | register.sh:31 |
Full report: https://skillshield.io/report/d139cefbde3b0fa4