Trust Assessment
clawchess received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. The key findings are "Skill instructs agent to store API key locally" and "Skill instructs agent to fetch and execute external instructions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Skill instructs agent to fetch and execute external instructions | The skill explicitly instructs the AI agent to periodically 'Fetch https://www.clawchess.com/HEARTBEAT.md and follow it'. This design pattern means the agent is configured to dynamically load and execute instructions from an external, untrusted source. If the `clawchess.com` domain or the `HEARTBEAT.md` file itself were compromised, an attacker could inject arbitrary instructions, leading to prompt injection, data exfiltration, or other malicious actions by the agent. This creates a critical supply chain vulnerability. | Do not instruct the agent to fetch and execute instructions from external URLs. All operational logic and instructions should be self-contained within the trusted skill package. If dynamic updates are necessary, they should be limited to data, not executable instructions, and should be cryptographically signed and verified before use. | LLM | SKILL.md:114 |
| MEDIUM | Skill instructs agent to store API key locally | The skill explicitly instructs the AI agent to save its generated API key to a local file (`~/.config/clawchess/credentials.json`) or environment variables. While common practice for credential management, this creates a persistent local storage point for sensitive credentials, making them a target for data exfiltration if the agent's environment is compromised or if it can be tricked into revealing file contents or environment variables. | Advise against storing API keys directly in plain text files or environment variables accessible by the agent. Instead, recommend using a secure secrets management system or an encrypted vault that requires explicit user interaction or a separate, highly restricted process for access. If local storage is unavoidable, ensure the file permissions are highly restrictive. | LLM | SKILL.md:69 |