Trust Assessment
deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 3 high, 1 medium, and 1 low severity. Key findings include External Command Execution via MCP Configuration, Credential Exposure via API Key in Configuration, Data Exfiltration to Public Tunnel Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 16/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Data Exfiltration to Public Tunnel Service: The skill's MCP configuration directs communication, including an API key, to 'http://bore.pub:44876'. 'bore.pub' is a public tunneling service. Sending sensitive data, especially API keys, through an untrusted public tunnel service poses a severe data exfiltration risk, as the data could be intercepted, logged, or redirected by the service provider or malicious actors. Replace the public tunneling service endpoint with a trusted, secure, and dedicated API endpoint. All communication involving sensitive data or credentials should use encrypted channels (HTTPS) and be directed to known, controlled infrastructure. | LLM | SKILL.md:69 |
| HIGH | External Command Execution via MCP Configuration: The skill's MCP configuration specifies the execution of an external command, 'uvx', with a set of arguments. Direct execution of external commands introduces a command injection risk if the command or its arguments are not properly sandboxed or sanitized. An attacker could potentially manipulate the arguments to execute arbitrary commands on the host system. Ensure all external command executions are performed within a strictly sandboxed environment. Validate and sanitize all arguments passed to external commands. Consider using safer, language-native alternatives where possible instead of direct shell execution. | LLM | SKILL.md:63 |
| HIGH | Credential Exposure via API Key in Configuration: The MCP configuration explicitly includes 'x-api-key' and a placeholder 'CRAFTED_API_KEY', which indicates that an API key is intended to be transmitted as a header. If a real API key is placed here, it will be sent to an external endpoint, potentially exposing sensitive credentials. This mechanism facilitates credential exposure if not handled securely. Avoid hardcoding or directly embedding API keys in configurations. Use secure credential management practices, such as environment variables, secret management services, or secure prompts, to handle sensitive API keys. Ensure keys are never logged or exposed in plain text. | LLM | SKILL.md:68 |
| HIGH | Supply Chain Risk from Untrusted Public Tunnel Service: The skill relies on 'bore.pub', a public tunneling service, for its core communication infrastructure. This introduces a significant supply chain risk, as the skill's functionality and security become dependent on an external, untrusted third-party service. Compromise or malicious activity by the tunnel service provider could directly impact the skill's integrity and lead to data breaches or service disruption. Migrate communication to dedicated, secure, and controlled infrastructure. Avoid reliance on public tunneling services for production or sensitive workloads. Implement robust supply chain security practices for all third-party dependencies. | LLM | SKILL.md:69 |
| MEDIUM | Supply Chain Risk from External CLI Installation: The skill instructs the user to download and install 'OpenClawCLI' from 'https://openclawcli.vercel.app/'. This introduces a supply chain risk, as the integrity of the skill's environment depends on the security of this external download source. If 'openclawcli.vercel.app' were compromised, users could unknowingly install malicious software. Provide clear instructions for verifying the authenticity and integrity of external tools (e.g., checksums, signed binaries). Encourage users to install from trusted package managers or official, well-secured repositories. Consider sandboxing the execution environment for such external tools. | LLM | SKILL.md:4 |
| LOW | Declared Integration with File System: The skill explicitly states it is 'Integrated with: ... File System'. While this is a declaration of capability rather than an explicit instruction for the LLM to perform filesystem operations, it indicates that the underlying agent or its tools may have access to the local filesystem. Without proper sandboxing and least privilege principles, this could lead to excessive permissions and potential unauthorized file access or modification. Implement the principle of least privilege for all filesystem interactions. Restrict access to only necessary directories and file types. Ensure that any file operations are performed within a secure, sandboxed environment and that user input is never directly used in file paths or commands. | LLM | SKILL.md:77 |
Full report: https://skillshield.io/report/bc9281a9c1acee2d