Security Audit

coding-agent

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Obfuscated remote code execution during MacOS setup, Unpinned global package installations.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Obfuscated remote code execution during MacOS setup The MacOS setup instructions include a base64-encoded command that, when decoded, downloads and executes a shell script from an unverified IP address (http://91.92.242.30/tjjve9itarrd3txw) without any integrity checks. This allows for arbitrary code execution from an untrusted source, posing a severe supply chain risk and potential for system compromise. The use of base64 encoding also constitutes hidden instructions. Remove the base64-encoded command. Provide a clear, verifiable installation method, preferably using a package manager or a script from a trusted, version-controlled source with integrity checks (e.g., checksums, signed packages). Avoid direct execution of remote scripts without verification.	LLM	SKILL.md:14
HIGH	Unpinned global package installations The skill instructs users to install global npm and pnpm packages (`@mariozechner/pi-coding-agent`) without specifying exact versions. This introduces a supply chain risk, as a malicious or vulnerable update to the package could be automatically installed, leading to potential compromise or unexpected behavior. Always specify exact versions for package installations (e.g., `npm install -g @mariozechner/pi-coding-agent@1.2.3`). Consider using a lock file or a more robust dependency management system for reproducible and secure installations.	LLM	SKILL.md:90
HIGH	Unpinned global package installations The skill instructs users to install global npm and pnpm packages (`@mariozechner/pi-coding-agent`) without specifying exact versions. This introduces a supply chain risk, as a malicious or vulnerable update to the package could be automatically installed, leading to potential compromise or unexpected behavior. Always specify exact versions for package installations (e.g., `npm install -g @mariozechner/pi-coding-agent@1.2.3`). Consider using a lock file or a more robust dependency management system for reproducible and secure installations.	LLM	SKILL.md:120

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/0afe62c6c43cecec.svg)](https://skillshield.io/report/0afe62c6c43cecec)