Trust Assessment
clawskill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 3 medium, and 0 low severity. Key findings include Missing required field: name, Skill Description Encourages Autonomous Mining by AI Agent, Hardware Fingerprinting Data Exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hardware Fingerprinting Data Exfiltration The skill explicitly states it performs 'Hardware Fingerprinting' and sends data such as CPU model, clock timing variance, cache latency profile, and VM detection flags to an external 'RustChain node' during attestation. While the skill claims this data is not personal, it constitutes exfiltration of detailed system information from the agent's execution environment to an external, untrusted server. Clearly define the full scope of data collected and the privacy policy of the RustChain node. Consider making data collection optional or providing a local-only mode. Ensure robust consent mechanisms are in place, especially for AI agents. | LLM | SKILL.md:30 | |
| HIGH | Unpinned `pip install` for Skill Package The installation instructions recommend `pip install clawskill` without specifying a version. This practice can lead to supply chain attacks where a malicious actor could publish a compromised version of `clawskill` to PyPI, and users would unknowingly install it. It's crucial to pin dependencies to specific versions or at least major versions to mitigate this risk. Update installation instructions to recommend pinning the package version, e.g., `pip install clawskill==X.Y.Z`. Ensure that the `setup.py` or `requirements.txt` for `clawskill` also pins its internal dependencies (like `requests`). | LLM | SKILL.md:48 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/scottcjn/clawskill/SKILL.md:1 | |
| MEDIUM | Skill Description Encourages Autonomous Mining by AI Agent The skill's title, 'Mine RTC Tokens With Your AI Agent,' and subsequent descriptions of how to install and start mining, could be interpreted by an AI agent as a direct instruction to initiate mining operations. An agent might autonomously execute `clawskill install` and `clawskill start` commands, dedicating its computational resources to mining without explicit user consent or understanding of the implications, effectively manipulating the agent's behavior. Rephrase the skill description to be purely informative, clearly distinguishing between the skill's capabilities and direct instructions for the AI agent. Explicitly state that user confirmation is required for resource-intensive operations. For example, 'This skill *enables* your AI agent to mine RTC Tokens...' | LLM | SKILL.md:1 | |
| MEDIUM | Broad System Information Access for Hardware Fingerprinting The skill's core functionality, 'Hardware Fingerprinting,' requires access to detailed system information including CPU model, clock timing, cache latency, SIMD unit identity, thermal drift, instruction path jitter, and VM detection flags. While the skill states it operates user-scoped and doesn't require root, this level of system introspection grants broad access to the underlying hardware environment, which could be abused if the miner scripts are malicious. Provide a detailed breakdown of *exactly* what system calls or APIs are used for fingerprinting. Implement sandboxing or stricter permission models if possible to limit the scope of access to only what is strictly necessary. | LLM | SKILL.md:60 |
Scan History
Embed Code
[](https://skillshield.io/report/9e9c57ceb2f1010e)
Powered by SkillShield