Trust Assessment
clawrag received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Unpinned npm package dependency", and "Unpinned Git repository dependency".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/2dogsandanerd/clawrag/SKILL.md:1 |
| MEDIUM | **Unpinned npm package dependency.** The skill instructs the host to execute the `@clawrag/mcp-server` npm package via `npx` without specifying a version. This means the latest version will be fetched, which could introduce breaking changes or security vulnerabilities if a future version of the package is compromised or contains malicious code. While the changelog mentions `v1.1.0`, the command itself does not enforce this version. Specify a precise version for the npm package in the `npx` command, e.g., `npx -y @clawrag/mcp-server@1.1.0`, to ensure deterministic behavior and prevent unexpected updates or supply chain attacks. | LLM | SKILL.md:29 |
| MEDIUM | **Unpinned Git repository dependency.** The skill instructs the user to clone the `ClawRag` repository from GitHub without specifying a particular commit hash or tag. This means the user will always get the latest state of the default branch, which could change over time, potentially introducing breaking changes or security vulnerabilities if the repository is compromised or updated with malicious code. Instruct users to clone a specific version (e.g., a release tag or commit hash) of the repository, for example, `git clone --branch v1.2.0 https://github.com/2dogsandanerd/ClawRag.git` or `git clone https://github.com/2dogsandanerd/ClawRag.git && cd ClawRag && git checkout <commit_hash>`. | LLM | SKILL.md:19 |
Full report: https://skillshield.io/report/711c031e31b34343