Trust Assessment
context-budgeting received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Hardcoded absolute workspace path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Hardcoded absolute workspace path The script uses a hardcoded absolute path for the WORKSPACE variable (`/Users/yang/clawd`). This can lead to issues in different deployment environments, such as: 1) script failure if the path does not exist, 2) unintended file system interactions (e.g., overwriting data) if the path exists but is not the intended workspace, or 3) implying excessive permissions by attempting to access a specific user's home directory structure. This reduces portability and increases the risk of unexpected behavior. Replace the hardcoded absolute path with a relative path (e.g., relative to the skill's root directory) or use an environment variable (e.g., `$OPENCLAW_WORKSPACE`) that can be configured at deployment time. Ensure the script operates within a well-defined and sandboxed workspace. | LLM | scripts/gc_and_checkpoint.sh:5 |
Scan History
Embed Code
[](https://skillshield.io/report/ea3c27803ae84af7)
Powered by SkillShield