Trust Assessment
clawiskill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary Code Execution via External Script Download and Execution, Arbitrary File Write and Code Execution via Remote Manifest.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary Code Execution via External Script Download and Execution The skill instructs the agent to download an installation script from an external URL (`https://clawiskill.com/skill/$SLUG`) and execute it directly using `bash`. This allows for arbitrary code execution if the external source is compromised or if a malicious skill is uploaded to the Clawiskill platform. The `$SLUG` variable, which determines the specific skill page, is agent-controlled, meaning a malicious skill could direct the agent to a compromised or malicious installation script. Avoid direct execution of externally sourced scripts. Instead, download skill files to a sandboxed environment, perform static analysis, and require explicit user/agent confirmation before executing any code. If execution is necessary, ensure the script is signed and verified, or execute it within a highly restricted environment. For installation, consider using a package manager or a more secure, declarative installation method. | LLM | SKILL.md:196 | |
| CRITICAL | Arbitrary File Write and Code Execution via Remote Manifest The skill instructs the agent to download a `skill_manifest.json` from `clawiskill.com` and then iterate through its `file_tree` to download files to paths specified within the manifest. The command `curl -o "$path" "$url"` allows a malicious skill provider to specify arbitrary file paths (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) and URLs to malicious content. This could lead to overwriting critical system files, injecting malicious configurations, or downloading and potentially executing malicious binaries/scripts, resulting in arbitrary code execution or system compromise. Implement strict validation and sanitization of file paths and URLs received from external sources. Files should only be written to a dedicated, isolated skill directory, and never to sensitive system paths. Consider using a whitelist of allowed file types and locations. All downloaded executables or scripts should be treated as untrusted and executed only after thorough security review and within a sandboxed environment. | LLM | SKILL.md:236 | |
| HIGH | Unpinned Dependencies and Supply Chain Risk in Skill Updates The skill's auto-update mechanism downloads `skill.json`, `SKILL.md`, `HEARTBEAT.md`, and `GUIDELINES.md` directly from `https://clawiskill.com` without any version pinning or integrity checks (e.g., cryptographic hashes). If `clawiskill.com` is compromised, a malicious actor could replace these files with backdoored versions, leading to a supply chain attack where the agent downloads and operates with compromised skill instructions or metadata. Implement cryptographic integrity checks (e.g., SHA256 hashes) for all downloaded files. The skill should verify these hashes against a trusted source (e.g., a hardcoded list or a signed manifest) before using the downloaded content. Additionally, consider signing skill packages to ensure authenticity and integrity. | LLM | SKILL.md:39 | |
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/hanryyu/clawiskill/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/4821e9767f5dd67e)
Powered by SkillShield