Trust Assessment
custom-smtp-sender received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary File Read via --body-file parameter, Arbitrary File Read via --attachments parameter, Hardcoded Path to Sensitive Configuration File.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read via `--body-file` parameter: The `send_email` function accepts a `body_file` argument, which is directly used to open and read a file from the filesystem. This argument is exposed via the `--body-file` command-line parameter. An attacker could specify an arbitrary file path (e.g., `/etc/passwd`, `/var/log/auth.log`), causing the skill to read the content of any accessible file on the system and include it in an email sent to an attacker-controlled address. This constitutes a significant data exfiltration risk. Implement strict validation for `body_file` paths. Restrict file access to a specific, sandboxed directory, or disallow arbitrary file paths. If file content is needed, ensure it's passed directly as a string rather than a path, or use a secure file selection mechanism. | LLM | email_sender.py:25 |
| HIGH | Arbitrary File Read via `--attachments` parameter: The `send_email` function accepts an `attachments` argument, which is a list of file paths. These paths are directly used to open and read files from the filesystem. This argument is exposed via the `--attachments` command-line parameter. An attacker could specify arbitrary file paths, causing the skill to read the content of any accessible files on the system and attach them to an email sent to an attacker-controlled address. This constitutes a significant data exfiltration risk. Implement strict validation for attachment file paths. Restrict attachment access to a specific, sandboxed directory, or require explicit user confirmation for each attachment path. Consider using a secure file selection mechanism that does not expose arbitrary file system access. | LLM | email_sender.py:32 |
| MEDIUM | Hardcoded Path to Sensitive Configuration File: The skill hardcodes the path to the SMTP configuration file (`/home/bb/.openclaw/smtp-config.json`). This file is expected to contain sensitive credentials (username, password). While the skill's purpose is to use these credentials, hardcoding the path makes the skill dependent on a specific system layout and provides a known target for attackers seeking to compromise or exfiltrate credentials if the file is not properly secured (e.g., with `chmod 600` as suggested in the documentation, but not enforced by the code). Consider making the configuration path configurable via environment variables or a more secure configuration management system, rather than hardcoding it. Ensure robust permission checks are in place for the configuration file and that the skill runs with the principle of least privilege. | LLM | email_sender.py:5 |