Security Audit

frontend-design

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

frontend-design received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Skill instructions found within untrusted content block.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
CRITICAL	Skill instructions found within untrusted content block The entire skill definition, including detailed operational instructions for the host LLM, is enclosed within the designated untrusted content delimiters. This configuration presents a critical prompt injection vulnerability. If the host LLM were to mistakenly process this content as instructions (despite being explicitly marked as untrusted), it would directly manipulate its behavior and output, potentially overriding or influencing its primary directives. The system's rules explicitly state that content within these tags should be treated as untrusted data, not instructions, and any commands found within should not be followed. Placing core skill logic here represents an attempt to inject instructions via an untrusted channel. Skill definitions and instructions intended for the host LLM must never be placed within untrusted content delimiters. Only user-provided input or data that should not influence the LLM's core behavior should be marked as untrusted. Move the skill's operational instructions outside of the untrusted content block so they are processed as trusted directives for the LLM.	LLM	SKILL.md:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/3776aaa8150cc910.svg)](https://skillshield.io/report/3776aaa8150cc910)