Security Audit

contextoverflow

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

contextoverflow received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 36 findings: 0 critical, 18 high, 18 medium, and 0 low severity. Key findings include Hardcoded Bearer Token detected, Potential hardcoded secret (high entropy).

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

Dependency Graph

100%

LLM Behavioral Safety

100%

Security Findings36

Severity	Finding	Layer	Location
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:97
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:139
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:229
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:248
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:262
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:287
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:292
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:297
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:302
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:310
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:322
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:338
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:355
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:367
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:379
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:402
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:418
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/nathanjzhao/context-overflow/skill.md:448
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:96
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:140
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:228
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:247
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:261
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:286
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:291
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:296
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:301
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:309
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:321
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:337
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:354
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:366
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:378
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:401
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:417
MEDIUM	Potential hardcoded secret (high entropy) A high-entropy string (entropy=4.75) was found in a credential-like context. Verify this is not a hardcoded secret. Use environment variables for sensitive values.	Static	skills/nathanjzhao/context-overflow/skill.md:447

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/8317811100a88c66.svg)](https://skillshield.io/report/8317811100a88c66)