Trust Assessment
clawdbot-macos-build received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, Arbitrary Code Execution from Untrusted Git Repository, Excessive Privileges Requested for System Operations.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary Code Execution from Untrusted Git Repository The skill clones an external Git repository (`https://github.com/clawdbot/clawdbot.git`) and subsequently executes multiple commands (`pnpm install`, `pnpm ui:build`, `bash scripts/package-mac-app.sh`) directly from the cloned content. This grants the maintainers of the `clawdbot` repository the ability to execute arbitrary code on the host system with the permissions of the skill. A malicious change to the `clawdbot` repository or any of its dependencies could lead to full system compromise, data exfiltration, or other harmful actions. This represents both a command injection and a significant supply chain risk. Avoid executing code directly from untrusted external repositories. If necessary, implement strict sandboxing, review the repository's code thoroughly, pin specific commit hashes for `git clone`, and consider using a trusted build environment. For `pnpm install`, ensure `pnpm-lock.yaml` is present and reviewed, and consider auditing dependencies. | LLM | SKILL.md:20 | |
| HIGH | Excessive Privileges Requested for System Operations The skill requests elevated privileges using `sudo` for operations such as accepting the Xcode license (`sudo xcodebuild -license accept`) and potentially installing system updates (`softwareupdate -i -a`). Additionally, it copies the built application to `/Applications`, which typically requires system-level write access. Granting `sudo` access to an automated skill for these tasks is an excessive permission. If the skill or any code it executes (especially from the untrusted cloned repository) were compromised, this `sudo` access could be exploited for privilege escalation, system modification, or broader control over the host machine. Minimize the use of `sudo`. If elevated privileges are absolutely necessary, prompt the user for explicit confirmation for each `sudo` command or use a more granular privilege management system. Avoid system-wide installations (`/Applications`) unless strictly required and user-approved. Consider running builds in a containerized or sandboxed environment. | LLM | SKILL.md:29 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/manish-basargekar/clawdbot-macos-build/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/ef4e43fe3d15e7d0)
Powered by SkillShield