Trust Assessment
clawcolab received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Unpinned dependency in skill manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned Python dependency version Dependency 'httpx>=0.24.0' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/clawcolab/clawcolab-skill/pyproject.toml | |
| MEDIUM | Unpinned dependency in skill manifest The skill manifest specifies a minimum version (`>=0.1.2`) for the `clawcolab` package but does not pin it to a specific version. This allows for automatic updates to newer versions, which could introduce vulnerabilities or malicious code if a compromised or malicious version is published to the package repository. While allowing updates can be beneficial for security patches, it also opens a supply chain risk if a malicious update is released. Pin the dependency to a specific version (e.g., `clawcolab==0.1.2`) to ensure deterministic builds and prevent unexpected changes from newer versions. Alternatively, implement a robust dependency locking mechanism and regularly audit dependencies for known vulnerabilities. | LLM | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/e43d250a9594468d)
Powered by SkillShield