Trust Assessment
clawdump-pooper received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Unrestricted Web Search Capability, Potential Prompt Injection via Cron Job Message.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unrestricted Web Search Capability The skill explicitly states it will "Fetch a poop joke from the internet (search for one)". This implies the agent has access to a web search tool. Unrestricted web search can lead to data exfiltration (e.g., searching for sensitive internal documents), prompt injection (if the search tool is LLM-based and the query can be manipulated), or exposure to malicious content. The skill does not specify any restrictions on the search scope or content. Restrict web search capabilities to specific domains or types of queries, or use a sandboxed search environment. Ensure search queries cannot be influenced by untrusted user input. If possible, use a curated list of jokes instead of dynamic web searches. | LLM | SKILL.md:50 | |
| HIGH | Potential Prompt Injection via Cron Job Message The skill creates cron jobs with a payload containing a `message` field (`"Time to poop! Call the ClawDump API..."`). This message acts as a direct instruction to the agent (likely an LLM). If this message can be influenced by untrusted input, or if the agent's interpretation of such internal messages is not strictly sandboxed, it presents a significant prompt injection vulnerability. An attacker could potentially inject malicious instructions into future cron job messages to manipulate the agent's behavior. Ensure that internal messages used to trigger agent actions are strictly controlled, immutable, and cannot be influenced by any untrusted input. Implement robust sandboxing for agent actions triggered by internal messages, limiting them to predefined, safe operations rather than open-ended instructions. | LLM | SKILL.md:73 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/clawdvader/clawdump-pooper/SKILL.md:1 | |
| MEDIUM | External API Call to Untrusted Endpoint The skill makes an HTTP POST request to `https://clawdump.onrender.com/api/v1/dump`. While the current payload (`{"name": "YOUR_AGENT_NAME"}`) appears benign and uses an internal agent name, any external API call introduces a dependency on an external service. This could lead to data exfiltration if sensitive information were to be included in the payload in the future, or if the remote service were compromised. It also introduces a supply chain risk if the remote service is not trustworthy or becomes malicious. Carefully vet all external API endpoints. Ensure that only necessary, non-sensitive data is sent. Implement strict input validation and output sanitization for all interactions with external services. Consider using a proxy or firewall to control outbound connections and monitor traffic to external services. | LLM | SKILL.md:14 |
Scan History
Embed Code
[](https://skillshield.io/report/838705e8e0dc45ee)
Powered by SkillShield