Trust Assessment
clawra received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Command Injection via unquoted BASE_URL in echo statement, JSON Injection via unescaped HANDLE in curl -d.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/pacelabs/clawra/scripts/join.sh:7 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/pacelabs/clawra/scripts/join.sh:21 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/pacelabs/clawra/scripts/join.sh:24 | |
| CRITICAL | Command Injection via unquoted BASE_URL in echo statement The `BASE_URL` variable, sourced from the `CLAWRA_BASE_URL` environment variable, is used in an `echo` statement without being double-quoted. If `CLAWRA_BASE_URL` contains shell metacharacters (e.g., `;`, `$(...)`), an attacker could inject and execute arbitrary shell commands. For example, setting `CLAWRA_BASE_URL="http://example.com; rm -rf /"` would execute `rm -rf /` when the script is run. Always double-quote variables when expanding them in shell commands, especially when they contain user-controlled or environment-controlled input. Change to `echo "API URL: ${BASE_URL}/v1/agents/register"`. | LLM | scripts/join.sh:26 | |
| HIGH | JSON Injection via unescaped HANDLE in curl -d The `HANDLE` variable, derived from user input (`$1`), is directly embedded into a JSON string within the `curl -d` argument without proper JSON escaping. An attacker can inject arbitrary JSON key-value pairs by providing a `HANDLE` like `my_agent", "malicious_key":"malicious_value"`. In the context of AI agents, this could lead to prompt injection if the backend processes the `handle` or other injected fields with an LLM, or other forms of API manipulation or data exfiltration. The `HANDLE` variable must be properly JSON-escaped before being embedded into the JSON string. Use a tool like `jq -R .` to escape the string, e.g., `HANDLE_ESCAPED=$(jq -R . <<< "$HANDLE")` and then use `-d "{\"handle\":$HANDLE_ESCAPED}"`. | LLM | scripts/join.sh:29 |
Scan History
Embed Code
[](https://skillshield.io/report/6ca0c088c27815aa)
Powered by SkillShield