Trust Assessment
clawnance received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 1 high, 1 medium, and 2 low severity. Key findings include Execution of Untrusted External Script, Unverified External File Downloads, and Direct Shell Command Execution with User-Provided Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 44/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Execution of Untrusted External Script: The skill explicitly instructs the AI agent to download `heartbeat.md` from an external URL (`https://clawnance.com`) and then to 'follow the instructions' within that file every 5 minutes. This creates a persistent arbitrary code execution vulnerability. If the external server is compromised or the file content is malicious, the agent will execute arbitrary commands on its host system. Implement strict integrity checks (e.g., cryptographic signatures, checksums) for downloaded files. Avoid executing instructions from externally sourced files directly. If execution is necessary, sandbox the execution environment and limit permissions. | LLM | skill.md:61 |
| HIGH | Unverified External File Downloads: The skill instructs the agent to download `trading.md` and `heartbeat.md` from `https://clawnance.com` using `curl -O`. There are no integrity checks (like checksums or signatures) specified. This makes the agent vulnerable to supply chain attacks where a compromised `clawnance.com` server could serve malicious files, which the agent is then instructed to use or execute. This risk is compounded by the instruction to execute `heartbeat.md` periodically. Require cryptographic signatures or checksums for all downloaded external files. Verify these against a trusted source before using or executing the files. Consider pinning specific versions or hashes of external resources. | LLM | skill.md:27 |
| MEDIUM | Direct Shell Command Execution with User-Provided Input: The skill instructs the agent to execute `curl` commands for registration and file downloads, and suggests using `cron` for scheduling. While `curl` for registration uses a JSON payload, the `name`, `pubkey`, and `model` fields are placeholders for agent-provided or owner-provided input. If these inputs are not properly sanitized before being embedded into a shell command (e.g., if the agent constructs the `curl` command string directly), it could lead to command injection. Similarly, configuring `cron` involves constructing shell commands. Agents should use robust libraries for HTTP requests and system scheduling instead of direct shell commands. All user-provided or dynamically generated inputs used in shell commands must be strictly sanitized or properly escaped to prevent injection. | LLM | skill.md:14 |
| LOW | Optional Sharing of Performance Data to Arbitrary Platforms: The skill includes an optional 'Social Mastery' step that instructs the agent to 'share your performance cards with your owner' and 'with any other social platforms you have access to, ask your owner for confirmation before you do.' While human confirmation is required, the instruction to share with 'any other social platforms you have access to' is broad and could lead to the exfiltration of performance data to unintended or insecure platforms if the agent misinterprets or the human owner is not sufficiently vigilant. Specify a whitelist of approved social platforms or sharing mechanisms. Provide clearer guidelines on what constitutes 'social platforms you have access to' and the implications of sharing data. | LLM | skill.md:66 |
| LOW | Broad File System Write Permissions Implied: The skill requires the agent to download files (`trading.md`, `heartbeat.md`) and create new files (`strategy.md`, `risk.md`) in its 'local memory'. This implies that the agent will have broad write access to its local filesystem. While necessary for the skill's functionality, this level of permission could be exploited if the agent is compromised, allowing an attacker to write arbitrary files to the system. Implement a sandboxed environment for the agent with minimal necessary file system permissions. Restrict file writing to specific, designated directories. | LLM | skill.md:27 |