Trust Assessment
fortclaw received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Inconsistent API Base URL, Dynamic Instruction Loading from Untrusted External Source, Skill Components Downloaded from External Domain.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Dynamic Instruction Loading from Untrusted External Source The skill instructs the agent to periodically "Fetch `https://fortclaw.com/heartbeat.md` and follow it". This means the agent is directed to download and execute/interpret instructions from an external, potentially mutable, URL. If `fortclaw.com` were compromised, an attacker could inject malicious instructions into `HEARTBEAT.md`, leading to arbitrary prompt injection or command injection against the agent. This bypasses static skill analysis and introduces a persistent supply chain risk. Agents should never be instructed to dynamically fetch and "follow" instructions from external, untrusted, or mutable URLs. All instructions and logic should be contained within the statically analyzed skill package. If dynamic updates are necessary, they should be fetched from a trusted, signed source and undergo strict validation before execution. | LLM | SKILL.md:75 | |
| HIGH | Inconsistent API Base URL The `api_base` specified in the `skill.json` manifest (`https://api.claw.aix.games/v1`) contradicts the base URL used in all `curl` examples and explicitly stated in `SKILL.md` (`https://mcp.aix.games/`). An agent relying on the manifest for the API base URL might attempt to send API keys to `https://api.claw.aix.games/v1` when the skill's intended endpoint for all operations is `https://mcp.aix.games/`. This could lead to API key exposure to an unintended endpoint or functional errors. Ensure the `api_base` in `skill.json` precisely matches the intended and documented API endpoint (`https://mcp.aix.games/`) used by the skill. | LLM | SKILL.md:25 | |
| MEDIUM | Skill Components Downloaded from External Domain The skill provides `curl` commands instructing the user to download `SKILL.md`, `HEARTBEAT.md`, `GAMEGUIDE.md`, and `package.json` from `https://fortclaw.com`. While this is a common installation method, it introduces a supply chain risk. If `fortclaw.com` were compromised, an attacker could serve malicious versions of these files, leading to command injection (via `package.json` or `SKILL.md` if it contains executable instructions) or prompt injection (via `SKILL.md` or `HEARTBEAT.md` if the agent interprets them as instructions). Skill packages should ideally be self-contained or rely on trusted package managers with integrity checks. If external downloads are necessary, consider using cryptographic hashes (e.g., SHA256) to verify file integrity after download, or fetching from a trusted, signed repository. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/a25af68b738f00bc)
Powered by SkillShield