Trust Assessment
clawland received a trust score of 92/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependencies installed via execSync, Skill accesses and manages files in user's home directory.
The analysis covered 1 layer: LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unpinned npm dependencies installed via execSync The `ensureDeps` function in `scripts/common.js` uses `child_process.execSync` to install Node.js dependencies. While major versions are specified (e.g., `@solana/web3.js@1`), specific patch or minor versions are not pinned. This introduces a supply chain risk, as a compromised future patch or minor release of any of these dependencies (`@solana/web3.js`, `@coral-xyz/anchor`, `@solana/spl-token`, `bs58`, `tweetnacl`) could be automatically downloaded and executed by the skill without explicit review of that specific version. The use of `execSync` for dynamic dependency installation also falls under command execution, though the command itself is hardcoded. Pin all npm dependencies to exact versions (e.g., `package@1.2.3`) instead of major versions (e.g., `package@1`). This ensures deterministic builds and prevents automatic updates to potentially compromised versions. Consider using a lock file (e.g., `package-lock.json`) and `npm ci` for more secure and deterministic installations. | LLM | scripts/common.js:30 | |
| LOW | Skill accesses and manages files in user's home directory The skill creates and manages a configuration directory (`~/.config/clawland/`) in the user's home directory to store sensitive files like `wallet.json` (containing the Solana private key) and `credentials.json` (potentially containing the `CLAWLAND_API_KEY`). While this is a common and often necessary pattern for applications managing user-specific data, it grants the skill broad read/write access within a user's home directory. If the skill were to be compromised or contain a vulnerability, this access could theoretically be exploited to read or write other sensitive files outside of its intended scope within the `~/.config/clawland/` directory. The use of `fs.chmodSync(WALLET_PATH, 0o600)` for `wallet.json` is a good mitigation for that specific file's permissions. Clearly document the exact file system permissions and access required by the skill. While the current approach is justified for a wallet skill, platforms running such skills should implement robust sandboxing or permission models to restrict file system access to only the explicitly required paths, minimizing the blast radius in case of compromise. | LLM | scripts/common.js:19 |
Scan History
Embed Code
[](https://skillshield.io/report/1b12c2ced3f0e535)
Powered by SkillShield