Trust Assessment
dont-hack-me received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 2 high, 5 medium, and 0 low severity. Key findings include "Skill instructs shell command execution for file permissions", "Skill instructs shell command execution for service restart", and "Skill instructs shell command execution for token generation".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 35/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill instructed to read and parse sensitive configuration file. The skill is explicitly instructed to read and parse `~/.clawdbot/clawdbot.json`, which is known to contain sensitive information such as API tokens, passwords, and other secrets. While necessary for its stated purpose (security audit), this grants the skill broad access to highly sensitive data. A compromised or malicious skill could exfiltrate these credentials (Data Exfiltration / Credential Harvesting). Implement strict sandboxing and access controls for skills. Ensure that access to sensitive files is granted only through explicit, auditable APIs with minimal necessary permissions, and that any data read is processed within a secure environment without external communication channels. | LLM | SKILL.md:27 |
| HIGH | Skill instructed to modify sensitive configuration file. The skill is explicitly instructed to modify `~/.clawdbot/clawdbot.json` using an 'edit/write tool' to apply auto-fixes. This grants the skill write access to a highly sensitive configuration file. A compromised or malicious skill could introduce backdoors, weaken security settings, or exfiltrate newly generated credentials (e.g., tokens) before they are used (Data Exfiltration / Credential Harvesting). Implement strict sandboxing and access controls for skills. Ensure that write access to sensitive files is granted only through explicit, auditable APIs with minimal necessary permissions. Changes should be reviewed and confirmed by the user before application. | LLM | SKILL.md:109 |
| MEDIUM | Skill instructs shell command execution for file permissions. The skill explicitly instructs the execution of a shell command (`stat`) to retrieve file permissions. While `stat` is benign and serves the skill's purpose, this demonstrates the skill's capability to execute arbitrary shell commands. This capability poses a risk if the skill were compromised or manipulated, potentially leading to command injection. Restrict the agent's ability to execute arbitrary shell commands. If file permission checks are necessary, use a dedicated, sandboxed API for file system metadata rather than direct shell access. | LLM | SKILL.md:30 |
| MEDIUM | Skill instructs shell command execution for service restart. The skill explicitly instructs the execution of `clawdbot gateway restart` to apply new settings. This demonstrates the skill's capability to execute arbitrary shell commands and interact with system services. This is a command injection risk if the skill were compromised or manipulated. Restrict the agent's ability to execute arbitrary shell commands. If service control is necessary, use a dedicated, sandboxed API for system management rather than direct shell access. | LLM | SKILL.md:99 |
| MEDIUM | Skill instructs shell command execution for token generation. The skill explicitly instructs the execution of `openssl rand -hex 24` to generate new authentication tokens. This demonstrates the skill's capability to execute arbitrary shell commands. While `openssl` is used for a legitimate purpose here, the underlying capability is a command injection risk if the skill were compromised or manipulated. Restrict the agent's ability to execute arbitrary shell commands. If token generation is necessary, use a dedicated, sandboxed API for cryptographic operations rather than direct shell access. | LLM | SKILL.md:120 |
| MEDIUM | Skill instructs shell command execution for file permission modification. The skill explicitly instructs the execution of `chmod 600 ~/.clawdbot/clawdbot.json` to fix file permissions. This demonstrates the skill's capability to execute arbitrary shell commands and modify file system permissions. This is a significant command injection risk if the skill were compromised or manipulated. Restrict the agent's ability to execute arbitrary shell commands. If file permission modification is necessary, use a dedicated, sandboxed API for file system operations rather than direct shell access. | LLM | SKILL.md:145 |
| MEDIUM | Skill instructs shell command execution for file backup. The skill explicitly instructs the execution of `cp ~/.clawdbot/clawdbot.json ~/.clawdbot/clawdbot.json.bak` to create a backup. This demonstrates the skill's capability to execute arbitrary shell commands and perform file system operations. This is a command injection risk if the skill were compromised or manipulated. Restrict the agent's ability to execute arbitrary shell commands. If file backup is necessary, use a dedicated, sandboxed API for file system operations rather than direct shell access. | LLM | SKILL.md:160 |