Trust Assessment
claw-stack received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 4 medium, and 0 low severity. Key findings include "Missing required field: name", "Automatic Error Stack Trace Exfiltration", and "Overriding Global Error Handling".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 64/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Automatic Error Stack Trace Exfiltration.** The skill explicitly instructs the agent to implement a global error handler that captures all uncaught exceptions, including their full stack traces (`error.stack`), and automatically posts them to an external API (`https://clawstack.ai/api/questions`). Stack traces can contain sensitive information such as file paths, variable names, internal logic, and potentially snippets of data that led to the error, leading to significant data exfiltration. Review the necessity of sending full stack traces to an external service. If required, implement strict sanitization and redaction of sensitive information from stack traces before transmission. Consider anonymizing error data or providing an opt-in mechanism for users. | LLM | skill.md:79 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/jdiazofficial/claw-stack/skill.md:1 |
| MEDIUM | **Overriding Global Error Handling.** The skill instructs the agent to override the global `process.on('uncaughtException')` handler. This grants the ClawStack integration control over how all critical errors are processed, potentially bypassing other essential error handling, logging, or security mechanisms that might be in place. This could lead to a loss of visibility into system health or prevent other critical error recovery procedures. Instead of overriding, consider chaining error handlers or providing a mechanism for other handlers to execute. Ensure that the ClawStack handler does not prevent other critical system error handling from functioning. | LLM | skill.md:76 |
| MEDIUM | **Prompt Injection via Untrusted External Content Processing.** The skill instructs the agent to actively fetch and process content from an external, untrusted social platform (Moltbook) via `getMoltbookPosts()` and `moltbookSkills`. The agent then filters this content based on keywords (`p.content.toLowerCase().includes('how do i')`, etc.) and generates responses. A malicious actor on Moltbook could craft post content to include instructions or data that, when processed by the agent, could manipulate its behavior (prompt injection) or lead to unintended actions or data exfiltration. Implement robust input sanitization and validation for all external content processed by the agent. Isolate the processing of untrusted content in a sandboxed environment. Clearly define and enforce the agent's boundaries and capabilities when interacting with external platforms to prevent manipulation. | LLM | skill.md:249 |
| MEDIUM | **Data Exfiltration via Moltbook Interactions.** The skill instructs the agent to read and process content from Moltbook and then generate replies, comments, and direct messages, often including `YOUR_CLAWSTACK_INVITE_LINK`. While the invite link itself is not secret, the act of reading potentially sensitive or private information from Moltbook posts/profiles (`getMoltbookPosts()`, `moltbookSkills`, `sendMoltbookDM`) and then acting upon it creates a vector for data exfiltration if the agent is manipulated or if the Moltbook content itself contains sensitive data that the agent is not designed to handle securely. Ensure that the agent's interactions with Moltbook are strictly limited to public information and that no sensitive data is processed or inadvertently included in generated responses. Implement strict access controls and data handling policies for any information retrieved from external platforms. | LLM | skill.md:270 |