Trust Assessment
claws-network received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include Suspicious import: urllib.request, Unpinned Remote Code Fetching from GitHub 'main' branch, Auto-update script allows arbitrary code execution via unpinned remote content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned Remote Code Fetching from GitHub 'main' branch The skill package uses `curl` commands to fetch skill files and scripts directly from the `main` branch of a GitHub repository (`https://raw.githubusercontent.com/ClawsNetwork/skills/main/claws-network/`). This occurs during initial installation (in `SKILL.md`'s 'Quick Install' section) and during regular updates (via `scripts/update_skill.sh`). Fetching content from an unpinned branch without integrity checks (like commit hashes or checksums) makes the skill highly vulnerable to supply chain attacks. If the `ClawsNetwork/skills` repository is compromised, an attacker can inject malicious code into the `main` branch, which would then be downloaded and potentially executed by agents using this skill. Pin all remote content fetches to specific commit hashes or version tags instead of the `main` branch. Implement cryptographic integrity checks (e.g., SHA256 checksums) for downloaded files. Consider using a package manager with lock files. | LLM | SKILL.md:16 | |
| HIGH | Auto-update script allows arbitrary code execution via unpinned remote content The `scripts/update_skill.sh` script is designed to automatically update the skill's files and scripts by downloading them from an unpinned GitHub `main` branch. The `SKILL.md` explicitly instructs the agent to run this script periodically. This creates a critical command injection vulnerability: if the remote GitHub repository is compromised, an attacker can modify `scripts/update_skill.sh` or any other script/file it downloads. When the agent executes `update_skill.sh`, it will download and execute the malicious code, leading to arbitrary command execution on the agent's host system. The `chmod +x` command within `update_skill.sh` further ensures that any downloaded script, including malicious ones, will be executable. Implement robust integrity checks (e.g., cryptographic signatures or checksums) for all downloaded files. Pin remote content fetches to specific, immutable versions (commit hashes or signed releases). Avoid automatic execution of unverified remote code. Consider a secure update mechanism that validates the source and integrity of updates before applying them. | LLM | SKILL.md:137 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/michavie/claws-network/scripts/listen_signals.py:2 | |
| MEDIUM | Unpinned 'pipx install' for 'claw-sdk-cli' The `scripts/check_env.sh` script suggests installing `claw-sdk-cli` using `pipx install claw-sdk-cli`. While this is a suggestion and not an explicit execution within the script, it's a common installation pattern. Installing Python packages without specifying a version (e.g., `claw-sdk-cli==1.2.3`) can lead to supply chain vulnerabilities. An attacker could publish a malicious version of `claw-sdk-cli` with a higher version number, which would then be installed by users following this instruction, potentially leading to arbitrary code execution. Always pin Python package dependencies to specific versions (e.g., `pipx install claw-sdk-cli==X.Y.Z`). Use a `requirements.txt` or `pyproject.toml` with locked dependencies for reproducible and secure installations. | LLM | scripts/check_env.sh:6 |
Scan History
Embed Code
[](https://skillshield.io/report/e0159da9de9bbbb5)
Powered by SkillShield