Security Audit

clawdbot-skill-update

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

clawdbot-skill-update received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 80 findings: 0 critical, 79 high, 0 medium, and 1 low severity. Key findings include Sensitive path access: AI agent config, Node lockfile missing.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

Dependency Graph

98%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Filesystem Write

80 findings

Shell Execution

79 findings

Excessive Permissions

79 findings

Security Findings80

Severity	Finding	Layer	Location
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:19
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:20
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:32
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:33
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:43
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:44
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:45
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:57
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:58
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:59
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:66
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:80
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:81
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:82
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:95
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:96
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:97
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:109
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:110
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:111
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:125
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:190
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:191
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:192
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:193
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:194
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:245
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:246
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:247
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:248
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:249
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:250
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:270
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:271
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:272
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:273
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-dryrun.sh:274
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:16
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:17
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:29
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:33
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:34
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:39
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:49
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:59
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:69
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:79
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:91
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:174
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/backup-clawdbot-full.sh:183
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:71
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:78
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:89
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:100
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:111
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:122
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:134
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:200
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:201
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:202
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:203
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:204
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:205
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/restore-clawdbot.sh:219
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:16
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:18
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:29
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:30
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:31
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:46
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:60
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:61
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:70
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:71
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:80
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:81
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:85
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:174
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/pasogott/clawdbot-skill-update/validate-setup.sh:182
LOW	Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution.	Dependencies	skills/pasogott/clawdbot-skill-update/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/4758ff37c02470f3.svg)](https://skillshield.io/report/4758ff37c02470f3)