Trust Assessment
clawdiocomms received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 1 high, 3 medium, and 1 low severity. Key findings include Arbitrary command execution, Missing required field: name, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jameseball/clawdiocomms/scripts/start.js:29 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jameseball/clawdiocomms/scripts/start.js:40 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jameseball/clawdiocomms/scripts/start.js:9 | |
| HIGH | Arbitrary file read/write and credential harvesting via controllable identityPath The `Clawdio` class constructor accepts an `identityPath` option in `ClawdioOptions`. This path is used to read (`fs.readFileSync`) and write (`fs.writeFileSync` via `this.save()`) the skill's identity file, which contains the `secretKey`. If an attacker can control the `identityPath` option (e.g., through prompt injection if skill parameters are derived from LLM input, or by manipulating the skill's execution environment), they could:
1. Force the skill to read arbitrary files from the filesystem, leading to data exfiltration.
2. Force the skill to write the `secretKey` to an arbitrary location, leading to credential harvesting. The example in `SKILL.md` uses a relative path (`.clawdio-identity.json`), which further increases the risk if the working directory can be influenced. 1. Sanitize or validate `identityPath` to ensure it points to a safe, expected location within the skill's designated data directory. 2. Avoid allowing `identityPath` to be directly controlled by untrusted input (e.g., LLM prompts). 3. Consider using a fixed, non-configurable path for sensitive identity data within the skill's sandbox. 4. Implement strict access controls on the directory where identity files are stored. | LLM | src/index.ts:30 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/jameseball/clawdiocomms/SKILL.md:1 | |
| MEDIUM | Unpinned npm dependency version Dependency 'libsodium-wrappers' is not pinned to an exact version ('^0.7.15'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/jameseball/clawdiocomms/package.json | |
| MEDIUM | Unpinned cryptographic dependency `libsodium-wrappers` The `package.json` specifies `libsodium-wrappers` with a caret (`^`) version range (`^0.7.15`). While this allows for minor and patch updates, it means that future installations could pull in a version that has not been explicitly tested or audited with this skill. For a security-critical cryptographic library, it is generally recommended to pin to an exact version to ensure deterministic builds and prevent unexpected vulnerabilities or breaking changes introduced in newer versions. Pin `libsodium-wrappers` to an exact version (e.g., `"libsodium-wrappers": "0.7.15"`) to ensure consistent and predictable behavior across deployments. Regularly review and manually update the dependency to newer versions after thorough testing. | LLM | package.json:19 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/jameseball/clawdiocomms/package.json | |
| INFO | Incomplete code prevents full security analysis The provided content for `src/crypto.ts` and `src/index.ts` is truncated. This prevents a complete and thorough security analysis of the skill's cryptographic implementations and core logic. Potential vulnerabilities or hidden instructions in the missing sections cannot be identified. Provide the complete source code for all files to enable a comprehensive security analysis. | LLM | src/crypto.ts:120 |
Scan History
Embed Code
[](https://skillshield.io/report/2cdbcdea6efc857e)
Powered by SkillShield