Trust Assessment
clawsec-feed received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The single finding: CLAWSEC_INSTALL_DIR allows an arbitrary installation path, risking system file overwrite.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | CLAWSEC_INSTALL_DIR allows arbitrary installation path, risking system file overwrite. The `INSTALL_DIR` variable, which defaults to `~/.openclaw/skills/clawsec-feed`, can be overridden by the `CLAWSEC_INSTALL_DIR` environment variable. If an attacker can control this environment variable (e.g., by setting it to `/` or `/etc`), the skill's installation process will copy its files into that arbitrary system directory. While the skill performs integrity checks on the downloaded files, this still poses a risk of overwriting critical system files if there are name collisions (e.g., if the skill package contained a file named `etc/passwd` or `bin/sh`). The `chmod` commands applied post-copy could also alter permissions of system files in sensitive locations. Remediation: restrict `CLAWSEC_INSTALL_DIR` to a safe, user-owned subdirectory (e.g., `~/.openclaw/skills/`) or validate that the provided path is within an allowed prefix. Alternatively, ensure the agent runs with minimal permissions and cannot write to sensitive system directories. | LLM | SKILL.md:100 |
Full report: https://skillshield.io/report/f9892c6837638111