Security Audit

endpoints

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

endpoints received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Arbitrary Local File Read and Exfiltration, API Key Transmitted to External Service.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

93%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Arbitrary Local File Read and Exfiltration The `scanFile` function reads the content of any local file specified by the `filePath` argument and then sends this content to an external API (`https://endpoints.work/api/scan`). This allows an attacker to instruct the agent to read sensitive files from the local filesystem (e.g., configuration files, SSH keys, password files) and exfiltrate their contents to a third-party service. Restrict the `filePath` argument to a predefined, safe directory or a specific set of allowed file types. Implement robust input validation to prevent path traversal attacks. If the skill's purpose requires scanning arbitrary files, ensure explicit user consent and clear warnings are provided before accessing local files, and consider sandboxing the file access.	LLM	scripts/src/index.ts:209
MEDIUM	Unpinned npm dependency version Dependency 'dotenv' is not pinned to an exact version ('^16.3.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/adamkristopher/endpoints/scripts/package.json
INFO	API Key Transmitted to External Service The skill loads `ENDPOINTS_API_KEY` from environment variables and includes it as a Bearer token in the `Authorization` header for all requests to `https://endpoints.work`. While this is standard practice for API authentication, it means the API key is transmitted over the network to a third-party service. If the `API_URL` environment variable could be manipulated by an attacker, this could lead to credential harvesting. However, `API_URL` is an environment variable, not directly user-controlled. Ensure that the `ENDPOINTS_API_URL` environment variable is immutable and cannot be altered by untrusted input. Implement strict access controls for the environment where the skill runs to prevent unauthorized modification of environment variables.	LLM	scripts/src/index.ts:100

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/24b3df8f9bfa6820.svg)](https://skillshield.io/report/24b3df8f9bfa6820)