Trust Assessment
clawdchat received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unvalidated URL navigation from external source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unvalidated URL navigation from external source: The skill navigates the browser to URLs (`post.url`) extracted directly from an external website (`moltbook.com`) without explicit validation or sanitization. An attacker who can inject malicious URLs into `moltbook.com`'s post data could force the agent's browser to visit arbitrary websites. This could lead to phishing, drive-by downloads (if the browser tool allows it), or other malicious activities, potentially compromising the agent's environment or user data. Implement robust URL validation and sanitization before navigating. Ensure `post.url` strictly adheres to expected patterns (e.g., `https://moltbook.com/*` or a whitelist of allowed domains). Consider using a headless browser or a browser tool with strong sandboxing and security features that prevent arbitrary file access or command execution. | LLM | skill.md:90 |