Security Audit

clipboard

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

clipboard received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Skill allows reading sensitive clipboard content, Skill allows copying arbitrary file contents to clipboard.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Skill allows reading sensitive clipboard content The skill provides a command (`xclip -selection clipboard -o`) that reads the current content of the system clipboard and outputs it to standard output. If the clipboard contains sensitive information (e.g., passwords, API keys, personal data) from a previous user action, an AI agent using this skill could inadvertently or maliciously exfiltrate this data by executing this command and relaying its output to the LLM or other services. Implement strict access controls or user confirmation prompts before allowing the agent to read clipboard content, especially if the content is to be relayed to the LLM or external services. Consider sanitizing or redacting potentially sensitive information from the output.	LLM	SKILL.md:16
HIGH	Skill allows copying arbitrary file contents to clipboard The skill demonstrates copying the contents of a specified file to the system clipboard (`xclip -selection clipboard < /path/to/file.txt`). If an AI agent is prompted by a malicious user to copy sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, configuration files with credentials) to the clipboard, this could lead to data exfiltration. Once in the clipboard, the data can be read by other processes or subsequently exfiltrated by the agent using the clipboard read command. Implement strict validation and sanitization of file paths provided to this skill. Restrict access to sensitive directories and files. Require explicit user confirmation before copying contents of potentially sensitive files to the clipboard.	LLM	SKILL.md:22

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5daa3b886185c356.svg)](https://skillshield.io/report/5daa3b886185c356)