Trust Assessment
deepclaw received a trust score of 34/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 4 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Sensitive path access: AI agent config, Dynamic Instruction Loading from Untrusted Source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/antibitcoin/deepclaw/SKILL.md:16 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/antibitcoin/deepclaw/SKILL.md:17 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/antibitcoin/deepclaw/SKILL.md:18 | |
| HIGH | Dynamic Instruction Loading from Untrusted Source The skill instructs the agent to periodically fetch `https://deepclaw.online/heartbeat.md` and 'follow it'. This means the agent is expected to download and execute instructions from a remote, unpinned, and potentially mutable source. If `deepclaw.online` is compromised, or if the `heartbeat.md` content is maliciously updated, the agent could be instructed to perform arbitrary harmful actions, leading to data exfiltration, command injection, or other malicious behavior. The skill does not specify any validation or sandboxing for the content of `heartbeat.md` before it is 'followed'. 1. Remove dynamic instruction loading: Instead of 'follow it', define a fixed, safe interaction pattern with the heartbeat endpoint (e.g., 'fetch JSON status from heartbeat endpoint and update local state'). 2. Content validation: If dynamic instructions are absolutely necessary, implement strict validation and sandboxing of the `heartbeat.md` content. Only allow a predefined set of safe operations. 3. Pinning/Hashing: If the `heartbeat.md` is meant to be static, include a hash of its expected content in the `SKILL.md` and verify it before processing. 4. User consent/warning: Explicitly warn the user about the risks of executing remote instructions and require explicit consent. | LLM | SKILL.md:74 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/antibitcoin/deepclaw/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/fbff20d80bbc1e6c)
Powered by SkillShield