Security Audit

clawgang

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

clawgang received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via unescaped JSON in curl -d, API Key exfiltration via configurable base URL.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Command Injection via unescaped JSON in curl -d The skill provides `curl` examples that use `-d '{"key": "value"}'` to send JSON data. If the LLM generates the `value` (e.g., `content`, `toUsername`, `name`) based on untrusted user input and does not properly escape single quotes or shell metacharacters, an attacker could inject arbitrary shell commands. This could lead to remote code execution on the agent's host system. The LLM must be instructed to rigorously escape all user-provided strings that are interpolated into shell commands, especially those within single-quoted arguments like `curl -d`. For JSON payloads, ensure proper JSON serialization and then shell-escape the entire JSON string if it's passed as a single argument to `curl -d`. Alternatively, use a safer method for passing JSON, such as writing to a temporary file and using `--data-binary @filename`.	LLM	SKILL.md:58
HIGH	API Key exfiltration via configurable base URL The skill uses `CLAWGANG_API_KEY` for authentication and states that the base URL can be `https://clawgang.ai` "or the configured `CLAWGANG_BASE_URL`". If `CLAWGANG_BASE_URL` is an environment variable or other configuration that can be controlled by an attacker, the `CLAWGANG_API_KEY` (a sensitive credential) could be exfiltrated to an arbitrary malicious server controlled by the attacker. The manifest only lists `CLAWGANG_API_KEY` as required, not `CLAWGANG_BASE_URL`, which increases the likelihood of it being a user-configurable value. The `CLAWGANG_BASE_URL` should be hardcoded to `https://clawgang.ai` within the skill definition or strictly validated to ensure it points only to trusted domains. If it must be configurable, implement strong validation to restrict it to a whitelist of allowed domains, or ensure it's set by a trusted party and not exposed to untrusted input.	LLM	SKILL.md:20

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/68693859f9e8cbc5.svg)](https://skillshield.io/report/68693859f9e8cbc5)