Trust Assessment
crabwalk received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 3 critical, 3 high, 4 medium, 0 low and 1 informational. The key findings are persistence / self-modification instructions (shell RC file modification, reported by both the manifest and static layers) and access to the sensitive environment variable $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph and LLM Behavioral Safety. Manifest Analysis scored lowest at 10/100, matching the overall trust score; all three critical findings come from that layer.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Recommendation: remove any persistence mechanism; skills should not modify system startup configuration (crontabs, LaunchAgents, systemd services) or shell profiles. | Manifest | skills/luccast/public/skill.md:11 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Recommendation: remove any persistence mechanism; skills should not modify system startup configuration (crontabs, LaunchAgents, systemd services) or shell profiles. | Manifest | skills/luccast/public/skill.md:107 |
| CRITICAL | Persistence / self-modification instructions: shell RC file modification for persistence. Recommendation: remove any persistence mechanism; skills should not modify system startup configuration (crontabs, LaunchAgents, systemd services) or shell profiles. | Manifest | skills/luccast/public/skill.md:108 |
| HIGH | Unpinned dependency on 'latest' release. The installation and update scripts fetch the 'latest' release from GitHub, so if the `luccast/crabwalk` repository is compromised a malicious release can be pushed and installed automatically with no version verification, a significant supply chain risk. Recommendation: pin to a specific release and its hash, or verify release signatures; do not rely on the 'latest' tag for installation. | LLM | skill.md:14 |
| HIGH | Unnecessary sudo for package installation. The installation script installs `qrencode` via `sudo` without separately confirming the `sudo` step with the user, so the script runs with root privileges; if the package source or the script itself were compromised this would mean arbitrary code execution as root. Recommendation: avoid `sudo` inside automated scripts; if root is truly required, prompt before each `sudo` command or give the user instructions to run it manually. | LLM | skill.md:14 |
| HIGH | Default binding to all network interfaces (0.0.0.0) and instruction to share the network IP. `crabwalk` binds to `0.0.0.0` by default, so its web interface is reachable from any host on the local network, and the skill tells the user to 'Share the `http://192.x.x.x:3000` (network IP) link with your human'. This exposes the monitoring data and potentially the `/workspace` file browser to other devices, which can lead to unauthorized access or data exfiltration on an untrusted network or if the service has vulnerabilities. Recommendation: bind to `127.0.0.1` by default and bind to `0.0.0.0` or a specific interface only when the user explicitly configures it and understands the exposure; advise sharing links only on trusted networks or over a secure tunnel. | LLM | skill.md:30 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to `$HOME` detected in shell context. Recommendation: verify the access is necessary and that the value is not exfiltrated. | Static | skills/luccast/public/skill.md:11 |
| MEDIUM | Persistence mechanism: shell RC file modification. Shell RC file modification pattern detected; persistence mechanisms let malware survive restarts. Recommendation: review this pattern; skills should not modify system startup configuration. | Static | skills/luccast/public/skill.md:11 |
| MEDIUM | Persistence mechanism: shell RC file modification. Shell RC file modification pattern detected; persistence mechanisms let malware survive restarts. Recommendation: review this pattern; skills should not modify system startup configuration. | Static | skills/luccast/public/skill.md:107 |
| MEDIUM | Persistence mechanism: shell RC file modification. Shell RC file modification pattern detected; persistence mechanisms let malware survive restarts. Recommendation: review this pattern; skills should not modify system startup configuration. | Static | skills/luccast/public/skill.md:108 |
| INFO | Accesses OpenClaw gateway token. The skill states that `crabwalk` 'Auto-detects gateway token from ~/.openclaw/openclaw.json'. This is part of the intended functionality but reads a sensitive credential from the user's system. Recommendation: ensure `crabwalk` stores, transmits and access-controls the token securely and does not expose it, and tell users about this access. | LLM | skill.md:62 |
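To make the Static and LLM findings above reproducible, here is a small checker that runs the same classes of rule (shell RC persistence, 'latest' release URLs, `sudo` in install steps, binding to `0.0.0.0`, `$HOME` access) over a manifest and reports line, severity and remediation in the order of the table. It is an added example, not SkillShield's rule engine and not code from the crabwalk project; the regexes, the `example/crabwalk` URLs and the sample skill.md are assumptions modelled on the report, and the sample's last block is the hardened equivalent (pinned release with checksum, loopback bind) that must produce no findings.

```python
"""Toy static checker for the finding classes in the SkillShield report above.

Added example: the rules and the sample manifest below are assumptions
modelled on the report's findings, not SkillShield's real rule set and not
the real crabwalk skill.md.
"""
import re
from dataclasses import dataclass

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFO": 4}


@dataclass(frozen=True)
class Finding:
    line: int
    severity: str
    title: str
    advice: str


# (severity, title, pattern, advice); each rule is a single-line regex.
RULES = [
    ("CRITICAL", "Shell RC file modification for persistence",
     re.compile(r"(?:>>?|tee\s+-a)\s*(?:~|\$HOME)/\.(?:bashrc|zshrc|bash_profile|zprofile|profile)\b"),
     "Do not write to shell profiles; show the user the line to add instead."),
    ("HIGH", "Unpinned dependency on 'latest' release",
     re.compile(r"github\.com/[\w.-]+/[\w.-]+/releases/latest\b"),
     "Pin a tagged release and verify its checksum or signature."),
    ("HIGH", "sudo inside an automated install step",
     re.compile(r"(?:^|[\s;&|])sudo\s"),
     "Install into a user-writable prefix or prompt before each sudo."),
    ("HIGH", "Service bound to all interfaces (0.0.0.0)",
     re.compile(r"\b0\.0\.0\.0\b"),
     "Bind to 127.0.0.1 unless the user opts in to network exposure."),
    ("MEDIUM", "Sensitive environment variable access: $HOME",
     re.compile(r"\$\{?HOME\b"),
     "Confirm the path is needed and nothing under it leaves the host."),
]


def scan(manifest: str) -> list[Finding]:
    """Run every rule over every line; return findings sorted by severity, then line."""
    findings = [
        Finding(lineno, severity, title, advice)
        for lineno, line in enumerate(manifest.splitlines(), start=1)
        for severity, title, pattern, advice in RULES
        if pattern.search(line)
    ]
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.line))


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, like the report's '3 critical, 3 high, ...' line."""
    counts = dict.fromkeys(SEVERITY_ORDER, 0)
    for f in findings:
        counts[f.severity] += 1
    return counts


def render(findings: list[Finding]) -> str:
    """One line per finding, in the report's table order."""
    return "\n".join(f"{f.severity:8} skill.md:{f.line:<3} {f.title}. {f.advice}" for f in findings)


# Constructed sample manifest: the first two blocks mirror the flagged patterns,
# the last block is the hardened equivalent and must produce no findings.
SAMPLE_SKILL_MD = """\
# crabwalk skill (constructed sample, not the real skill.md)

## Install
curl -sL https://github.com/example/crabwalk/releases/latest/download/install.sh | sh
sudo apt-get install -y qrencode
echo 'export PATH="$HOME/.crabwalk/bin:$PATH"' >> ~/.zshrc

## Run
crabwalk --host 0.0.0.0 --port 3000

## Pinned and local-only equivalent (must not be flagged)
curl -sL https://github.com/example/crabwalk/releases/download/v1.2.3/crabwalk.tar.gz -o crabwalk.tar.gz
sha256sum -c crabwalk.tar.gz.sha256
crabwalk --host 127.0.0.1 --port 3000
"""

if __name__ == "__main__":
    found = scan(SAMPLE_SKILL_MD)
    print(render(found))
    print(summarize(found))
```

On the sample, line 6 is reported twice (CRITICAL for the `>> ~/.zshrc` write and MEDIUM for `$HOME`), exactly as the report double-counts skill.md:11 across the Manifest and Static layers; the `$HOME` rule is deliberately a review prompt rather than a verdict, since reading a path under the home directory is benign until something is sent off-host. The hardened block at the end shows the shape the HIGH findings ask for: a tagged download with a checksum file and a loopback bind.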
Full report: https://skillshield.io/report/f4e2a6f8594d6170