Trust Assessment
clawl-register received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Data sent to unadvertised API endpoint, Broad file system access to sensitive configuration files, Outdated help text for `--gateway` option.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Data sent to unadvertised API endpoint The skill's documentation (SKILL.md) prominently states that registration data is sent to `clawl.co.uk`. However, the `scripts/register.js` file defaults the `CLAWL_API` to `https://moogle-alpha.vercel.app`. This means that by default, agent metadata is transmitted to a different domain than advertised, which is a significant transparency issue and a potential supply chain risk. Users may unknowingly send their agent's public profile data to an unadvertised or potentially less secure endpoint. Align the default `CLAWL_API` endpoint in `scripts/register.js` with the advertised domain (`clawl.co.uk`) or clearly document the use of a different endpoint (e.g., for development/staging) in the skill's documentation. Ensure that `moogle-alpha.vercel.app` is a trusted and secure endpoint if it is intended for production use. | LLM | scripts/register.js:17 | |
| MEDIUM | Broad file system access to sensitive configuration files The `autoDetect` function attempts to read configuration files such as `~/.openclaw/openclaw.json`, `SOUL.md`, and `IDENTITY.md` from various locations, including the user's home directory. While the script claims to only extract 'name' and 'description' and not transmit private data, accessing a general configuration file like `.openclaw/openclaw.json` grants broad permissions. This file could contain sensitive information (e.g., API keys, tokens, private paths) that, if the script were maliciously modified (supply chain risk), could be exfiltrated. The current implementation's selective extraction mitigates immediate exfiltration but the broad access remains an excessive permission. Minimize file system access to only strictly necessary files and paths. If reading configuration files, ensure that only specific, non-sensitive fields are parsed and used. Consider implementing more granular permissions or sandboxing if the environment allows. Explicitly warn users about the files being accessed and their potential contents. | LLM | scripts/register.js:70 | |
| LOW | Outdated help text for `--gateway` option The help message displayed by `node register.js --help` still lists `--gateway <url>` as an option. However, the `SKILL.md` and comments within the `parseArgs` function indicate that gateway URLs are no longer accepted for security reasons. This discrepancy can confuse users and suggest a feature that is intentionally disabled, potentially leading to frustration or attempts to use a non-functional option. Remove the `--gateway <url>` option from the help text in `scripts/register.js` to accurately reflect the current functionality and security posture of the skill. | LLM | scripts/register.js:40 |
Scan History
Embed Code
[](https://skillshield.io/report/9bb13e06841ac9cc)
Powered by SkillShield