Trust Assessment
clawcierge received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include "Missing required field: name", "Node lockfile missing", and "Unverified file downloads from external domain".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unverified file downloads from external domain.** The skill instructs the AI agent to download multiple skill-related files (SKILL.md, HEARTBEAT.md, MESSAGING.md, BACKUP.md, SHARING.md, EMAIL.md, skill.json) directly from `https://clawcierge.xyz` using `curl`. These instructions are present in the 'Install locally' section of `SKILL.md` and the URLs are also listed in the `clawcierge.files` section of `package.json`. There are no integrity checks (e.g., cryptographic hashes) to verify the authenticity or integrity of the downloaded files. A compromise of the `clawcierge.xyz` domain could lead to the agent downloading and potentially using malicious files, introducing a significant supply chain vulnerability. **Remediation:** Implement cryptographic hash verification (e.g., SHA256) for all downloaded files. The skill should fetch a manifest containing file URLs and their corresponding hashes, then verify the hash after download before use. Alternatively, host all skill files within the trusted skill repository to eliminate reliance on external domains. | LLM | SKILL.md:29 |
| HIGH | **Potential Command Injection via unescaped user input in curl arguments.** The skill provides `curl` command examples that include JSON payloads (e.g., for `register-agent`, `messages`, `share`, `help-request`). If an AI agent dynamically constructs these `curl` commands by interpolating untrusted user input (e.g., agent name, message content, file names, share targets, requester details) directly into the JSON string within the `-d` argument without proper shell escaping, a malicious user could inject shell metacharacters. This could lead to arbitrary command execution on the agent's host system. The `package.json` explicitly lists `curl` as a required binary, indicating its intended use for executing such commands. **Remediation:** When constructing shell commands with user-provided data, ensure all untrusted input is properly escaped for the shell context. For JSON payloads, ensure the JSON string itself is correctly formed and then shell-escaped before being passed to `curl -d`. Consider using a dedicated HTTP client library in the agent's runtime environment instead of shell `curl` commands to mitigate this risk by handling argument parsing and escaping more robustly. | LLM | SKILL.md:52 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. **Remediation:** Add a 'name' field to the SKILL.md frontmatter. | Static | skills/tmansmann0/clawcierge/SKILL.md:1 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). **Remediation:** Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/tmansmann0/clawcierge/package.json |