Security Audit

comi-cog

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

100

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

comi-cog received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Unpinned skill dependency.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

1 finding

Security Findings1

Severity	Finding	Layer	Location
INFO	Unpinned skill dependency The skill manifest declares a dependency on 'cellcog' without specifying a version. This can lead to unexpected behavior or security vulnerabilities if the 'cellcog' skill changes in incompatible or malicious ways, as the latest version will always be fetched. Specify a minimum or exact version for the 'cellcog' dependency in the manifest (e.g., "cellcog@^1.0.0" for compatible updates or "cellcog@1.2.3" for an exact version).	LLM	Manifest:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/df0a533f915d5df9.svg)](https://skillshield.io/report/df0a533f915d5df9)