Trust Assessment
clawshake received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are direct access to PRIVATE_KEY via process.env and an unpinned SDK dependency in the usage example.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Direct access to PRIVATE_KEY via process.env. The skill's SDK usage example initializes an 'ethers.Wallet' directly with 'process.env.PRIVATE_KEY'. In an AI agent environment, allowing untrusted skills direct access to environment variables, especially a private key, poses a severe security risk. A malicious skill could exfiltrate this key, leading to complete compromise of the associated wallet. This also indicates excessive permissions if the agent runtime does not adequately sandbox environment variable access. Agent platforms should prevent untrusted skills from directly accessing sensitive environment variables like PRIVATE_KEY. Instead, skills should interact with a secure credential management system or a sandboxed signing interface provided by the agent runtime. If direct access is unavoidable, the agent developer must ensure the skill is fully trusted and audited. For the skill itself, consider using a more secure method for key management, such as a dedicated key vault or a signing service, rather than direct process.env access. | LLM | SKILL.md:30 |
| HIGH | Unpinned SDK dependency in usage example. The SDK usage example imports 'ClawshakeSDK' from '@clawshake/sdk' without specifying a version (e.g., 'import { ClawshakeSDK } from "@clawshake/sdk";'). This means that 'npm install' (or similar package manager commands) would fetch the latest version by default. If a new, malicious, or vulnerable version of '@clawshake/sdk' is published, it could be automatically pulled into the project, introducing a supply chain vulnerability. Always pin dependencies to a specific version (e.g., "@clawshake/sdk": "1.2.3") or use a version range with a caret (^) or tilde (~) operator in 'package.json' and commit 'package-lock.json' to ensure deterministic builds. For documentation, it is best practice to show pinned versions or at least mention the importance of pinning. | LLM | SKILL.md:28 |