Trust Assessment
claw-voice received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "User input directly forwarded as agent prompt", and "Potential data exfiltration through agent response".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | User input directly forwarded as agent prompt. The `cmd_agent` function in `client.py` receives user messages via WebSocket and directly passes the `content` of these messages as the `--message` argument to an `openclaw agent` subprocess. Although `shlex.quote` is used to prevent command injection into the shell, the content of the user message itself can be crafted to manipulate the behavior of the `openclaw agent` (e.g., if it's an LLM), leading to prompt injection. An attacker can use this to override the agent's instructions, change its persona, or elicit unintended behavior. Implement robust input sanitization and validation for `user_text` before passing it to the `openclaw agent`. If the `openclaw agent` is an LLM, ensure it has strong system prompts and guardrails to resist manipulation. Consider using a separate, isolated LLM call for user messages that are intended as instructions, or strictly define the schema for user input to the agent. | LLM | client.py:90 |
| HIGH | Potential data exfiltration through agent response. Following a successful prompt injection (SS-LLM-001), an attacker could manipulate the `openclaw agent` to reveal sensitive information it has access to (e.g., internal state, environment variables, file contents, or other data it might process). The `cmd_agent` function captures the `stdout` of the `openclaw agent` and sends it back to the user via the WebSocket. This creates a direct channel for an attacker to exfiltrate data from the environment where the `openclaw agent` is running. In addition to remediating prompt injection (SS-LLM-001), ensure the `openclaw agent` operates with the principle of least privilege. Restrict its access to sensitive files, environment variables, and network resources. Implement output filtering or redaction mechanisms for the agent's responses to prevent it from inadvertently disclosing sensitive information, even if prompted to do so. | LLM | client.py:92 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/niczy/claw-voice/skill.md:1 |
Full report: https://skillshield.io/report/d134f4de7d8a8dfd
Powered by SkillShield