Trust Assessment
dexter received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $ANTHROPIC_API_KEY, Skill installs into root directory, Unpinned external Git repository clone.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unpinned external Git repository clone The skill clones the `https://github.com/virattt/dexter.git` repository without specifying a commit hash or tag. This means the skill's behavior is dependent on the latest state of the `main` branch (or default branch) of an external repository. Changes to this upstream repository could introduce new vulnerabilities, malicious code, or breaking changes without explicit review or consent, posing a significant supply chain risk. Pin the `git clone` operation to a specific commit hash or tag (e.g., `git clone -b <tag_or_hash> ...`) to ensure deterministic and auditable code execution. Regularly review and update the pinned version. | LLM | SKILL.md:33 | |
| CRITICAL | Skill configures and uses sensitive API keys from untrusted source The skill explicitly instructs the user to provide sensitive API keys (Anthropic, Financial Datasets, Tavily) and then configures them in a `.env` file, making them accessible to the cloned and executed code from `virattt/dexter.git`. If the external repository were compromised or contained malicious code, it could easily exfiltrate these API keys, leading to unauthorized access to external services and potential financial costs or data breaches. Implement a secure secrets management system that provides API keys to the skill's runtime environment without writing them to disk or making them directly accessible to untrusted code. Review the external code for any data exfiltration attempts. Consider using temporary, scoped credentials where possible. | LLM | SKILL.md:45 | |
| HIGH | Skill installs into root directory The skill hardcodes the installation directory to `/root/clawd-workspace/dexter`. This implies the skill expects to be run with root privileges or in an environment where the `/root` directory is writable by the executing user. Running skills with elevated privileges increases the attack surface and potential impact of any vulnerabilities. Change the installation path to a user-specific or temporary directory (e.g., `~/.clawd-workspace/dexter` or a path within the agent's designated workspace) that does not require root privileges. | LLM | SKILL.md:29 | |
| HIGH | Installation of external package dependencies The skill executes `bun install` on code cloned from an external, unpinned Git repository. This command will download and execute potentially numerous third-party packages defined in the `package.json` (and `bun.lockb`) of the external project. These dependencies are not directly managed or audited by the `openclaw/skills` ecosystem, introducing a broad supply chain risk from potentially malicious or vulnerable packages. Implement a robust dependency auditing process. Consider vendoring critical dependencies or using a private package registry. For skills, ideally, all necessary code should be self-contained or explicitly listed and reviewed. | LLM | SKILL.md:38 | |
| MEDIUM | Sensitive environment variable access: $ANTHROPIC_API_KEY Access to sensitive environment variable '$ANTHROPIC_API_KEY' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/igorhvr/dexter/SKILL.md:170 |
Scan History
Embed Code
[](https://skillshield.io/report/854e239b7165075a)
Powered by SkillShield