Trust Assessment
clawprint-verify received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via CLAWPRINT_SERVER_URL and JSON Injection via user-supplied arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via CLAWPRINT_SERVER_URL: The `CLAWPRINT_SERVER_URL` environment variable is directly used within double quotes in `curl` commands. If this variable contains shell command substitutions (e.g., `$(evil_command)` or backticks), the embedded command will be executed by the shell before `curl` is invoked. This allows an attacker to execute arbitrary commands by manipulating the `CLAWPRINT_SERVER_URL` environment variable. Strictly validate the format of `CLAWPRINT_SERVER_URL` to ensure it is a well-formed URL and does not contain shell metacharacters or command substitutions. Alternatively, use a more robust method for constructing the `curl` command that prevents shell expansion of the URL variable. | LLM | clawprint-challenge.sh:30 |
| MEDIUM | JSON Injection via user-supplied arguments: The `challenge_id` and `answer` arguments, which are user-supplied, are directly embedded into JSON payloads without proper escaping of JSON special characters (like `"` or `\`). An attacker could craft these arguments to inject arbitrary JSON fields into the request body, potentially altering the intended API call or bypassing server-side logic if the backend does not robustly handle unexpected JSON structures. While not a direct shell command injection, it represents an injection vulnerability that could lead to API abuse or data manipulation. Escape JSON special characters in user-supplied arguments (`challenge_id`, `answer`) before embedding them into the JSON string. A common and safer approach is to use `jq` to construct the JSON payload, as `jq` handles proper JSON escaping automatically. For example, `jq -n --arg id "$challenge_id" --arg ans "$answer" '{"challenge_id": $id, "answer": $ans}'`. | LLM | clawprint-challenge.sh:93 |
Scan History
Powered by SkillShield