Trust Assessment
clawfi received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 0 high, 1 medium, and 2 low severity. Key findings include File read + network send exfiltration, Node lockfile missing, Unauthenticated API Key Provisioning.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/erik-miller/claw-fi/index.js:20 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/erik-miller/claw-fi/index.js:92 | |
| MEDIUM | Unauthenticated API Key Provisioning The `/api/bots/provision` endpoint allows any caller to obtain a `botId` and `apiKey` without any prior authentication or secret. While rate-limited, this design choice could be abused to generate numerous bot identities, exhaust rate limits, or track IP addresses. The skill itself explicitly warns users to verify the operator before sending sensitive data due to this unauthenticated nature. Implement an authentication mechanism (e.g., an initial shared secret, OAuth flow, or user-specific registration) for the `/api/bots/provision` endpoint to ensure only authorized entities can generate API keys. Alternatively, clearly document the implications and expected use cases for an unauthenticated provisioning endpoint. | LLM | skill.md:26 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/erik-miller/claw-fi/package.json | |
| LOW | Write Endpoints Require Explicit Installer Configuration for Safe Use The skill exposes several write endpoints (`/api/observe`, `/api/signal`, `/api/source`, `/api/knowledge/block`). While the skill contract explicitly instructs the agent to only call these when the user has explicitly asked, and recommends installers set `disableModelInvocation: true` to prevent autonomous calls, failure to follow this recommendation could lead to the agent autonomously submitting user content or system-derived content. This is a potential risk if the installer does not configure the skill as advised. Installers should carefully consider the implications of write access and, if autonomous writes are not desired, ensure `disableModelInvocation: true` is set for this skill. Skill developers should consider if a more robust, built-in confirmation mechanism is feasible for write operations, or if the default should be `disableModelInvocation: true` for skills with write access. | LLM | skill.md:65 |
Scan History
Embed Code
[](https://skillshield.io/report/0f9fba0fa10a7829)
Powered by SkillShield