Trust Assessment
ClawdStrike received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Script execution bypasses stated allowlist enforcement, Potential for incomplete secret redaction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Script execution bypasses stated allowlist enforcement The `SKILL.md` explicitly instructs the LLM to execute `scripts/collect_verified.sh` and states that 'Verified mode uses only the strict allowlist; do not run any command outside it.' However, the `scripts/collect_verified.sh` script itself does not contain any logic to enforce this allowlist. It directly executes various system and `openclaw` commands without checking them against the `references/verified-allowlist.md` or any other defined allowlist. This creates a security vulnerability where the LLM is led to believe that command execution is strictly controlled, but the underlying script does not implement this control, potentially allowing unauthorized commands to be executed if the script is compromised or modified. Modify `scripts/collect_verified.sh` to explicitly check all commands it intends to execute against the `references/verified-allowlist.md` before execution. Alternatively, if the allowlist is meant for the LLM's *own* command execution, clarify that the script itself is trusted and does not require such checks, or remove the misleading instruction from `SKILL.md`. | LLM | SKILL.md:13 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/misirov/clawdstrike/scripts/collect_verified.sh:16 | |
| LOW | Potential for incomplete secret redaction The `scripts/redact_helpers.sh` script attempts to redact sensitive information (tokens, passwords, API keys, etc.) from command output before it's written to `verified-bundle.json`. While the script includes regex patterns for common secret formats, it is inherently difficult to redact all possible forms of sensitive data. There's a risk that secrets formatted differently or embedded in unexpected contexts might not be caught by the current redaction logic, leading to their inclusion in the `verified-bundle.json` file. Although the skill explicitly states 'Never exfiltrate secrets,' the effectiveness of the redaction relies on the completeness of these patterns. Regularly review and update redaction patterns in `scripts/redact_helpers.sh` to cover new or evolving secret formats. Consider implementing a more robust, context-aware redaction mechanism if possible, or provide clear guidance on what types of secrets are guaranteed to be redacted. | LLM | scripts/redact_helpers.sh:10 |
Scan History
Embed Code
[](https://skillshield.io/report/4391a5782276eca4)
Powered by SkillShield