Trust Assessment
gitea received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The findings are: creation of webhooks to arbitrary URLs (high), deletion of repositories (high), and creation of action secrets (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill allows creation of webhooks to arbitrary URLs. The skill exposes the `tea webhooks create` command, which lets an agent create webhooks that send Gitea events to any URL it names. An LLM processing untrusted input (prompt injection) could be coerced into creating a webhook to an attacker-controlled server, exfiltrating Gitea events (e.g., push and pull_request events). Mitigation: validate webhook URLs against a strict allowlist, never let the LLM supply or generate arbitrary URLs, and consider requiring human approval for webhook creation. | LLM | SKILL.md:130 |
| HIGH | Skill allows deletion of repositories. The skill exposes the `tea repos delete` command, which lets an agent permanently delete repositories. An LLM processing untrusted input could be coerced into deleting critical repositories, causing significant data loss and denial of service. Mitigation: enforce strict access controls and require explicit human confirmation for every repository deletion; the LLM must not be able to initiate deletion without such safeguards. | LLM | SKILL.md:40 |
| MEDIUM | Skill allows creation of action secrets. The skill exposes the `tea actions secrets create` command, which lets an agent create new secrets for Gitea Actions. An LLM processing untrusted input could be coerced into injecting attacker-chosen secrets into CI/CD pipelines, potentially enabling supply-chain attacks, privilege escalation, or unauthorized access to resources. Mitigation: validate secret names and values and require approval before creation; the LLM must not be able to set arbitrary names or values without human oversight. | LLM | SKILL.md:109 |
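The three findings share one mitigation shape: a policy check that sits between the agent's proposed `tea` command and the shell, deciding allow, hold-for-human, or deny before anything runs. The Python below is an added example of such a gate; it is not code from SkillShield or from the gitea skill. The allowlisted webhook host, the argument conventions it relies on (subcommand directly after `tea`, webhook target given as any http(s) argument, secret name as the first positional argument after `create`) and the reserved-prefix rule for secret names are assumptions to adapt to the skill's real syntax.

```python
"""Policy gate for `tea` commands proposed by an LLM agent.

Added example, not part of the SkillShield report or the gitea skill.
Maps the three findings to a decision taken before the command reaches
a shell: allowlisted webhook targets pass, repository deletion always
needs a human, secret creation is validated and then held for review.
Assumptions (adapt to the skill's real syntax): the subcommand follows
`tea` directly, a webhook target is any http(s) argument, and a secret's
name is the first positional argument after `create`.
"""
import re
import shlex
from dataclasses import dataclass
from enum import Enum
from typing import Optional
from urllib.parse import urlparse


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    DENY = "deny"


@dataclass(frozen=True)
class Verdict:
    decision: Decision
    reason: str


# Constructed allowlist: only https targets on exactly these hosts may receive events.
WEBHOOK_HOST_ALLOWLIST = frozenset({"hooks.ci.internal.example"})
# Local naming policy (assumption): upper-case identifier, and no names in the
# GITEA_/GITHUB_ namespace that runners use for their own variables.
SECRET_NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]{0,63}$")
RESERVED_SECRET_PREFIXES = ("GITEA_", "GITHUB_")


def _check_webhook_target(url: str) -> Optional[str]:
    """Return a rejection reason, or None when the URL is acceptable."""
    parsed = urlparse(url)
    if parsed.scheme != "https":
        return f"webhook target must be https: {url}"
    # Reject userinfo outright: https://hooks.ci.internal.example@attacker.example/
    # reads like an allowlisted host but delivers to attacker.example.
    if parsed.username or parsed.password:
        return f"webhook target must not embed credentials: {url}"
    host = (parsed.hostname or "").lower()  # .hostname drops port and userinfo
    if host not in WEBHOOK_HOST_ALLOWLIST:
        return f"webhook host not allowlisted: {host!r}"
    return None


def _first_positional(args):
    """First argument that is not a flag (assumes flags take no separate value)."""
    for arg in args:
        if not arg.startswith("-"):
            return arg
    return None


def evaluate_tea_command(command: str) -> Verdict:
    """Decide whether a shell command proposed by the agent may run."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return Verdict(Decision.DENY, f"unparseable command: {exc}")
    if not argv or argv[0] != "tea":
        return Verdict(Decision.DENY, "only tea commands are permitted through this gate")

    sub = tuple(argv[1:3])
    rest = argv[3:]

    if sub == ("webhooks", "create"):
        targets = [a for a in rest if a.lower().startswith(("http://", "https://"))]
        if not targets:
            return Verdict(Decision.DENY, "no webhook target URL found; refusing to guess")
        for url in targets:
            reason = _check_webhook_target(url)
            if reason is not None:
                return Verdict(Decision.DENY, reason)
        return Verdict(Decision.ALLOW, "all webhook targets are allowlisted https hosts")

    if sub == ("repos", "delete"):
        # Irreversible: never auto-approved, whatever the prompt asked for.
        return Verdict(Decision.REQUIRE_APPROVAL,
                       "repository deletion needs explicit human confirmation")

    if sub == ("actions", "secrets") and rest[:1] == ["create"]:
        name = _first_positional(rest[1:])
        if name is None:
            return Verdict(Decision.DENY, "secret name missing")
        if not SECRET_NAME_RE.fullmatch(name) or name.startswith(RESERVED_SECRET_PREFIXES):
            return Verdict(Decision.DENY, f"secret name rejected by policy: {name!r}")
        return Verdict(Decision.REQUIRE_APPROVAL, f"creating secret {name} needs human review")

    # Outside the three findings; extend this table before exposing
    # other mutating subcommands to the agent.
    return Verdict(Decision.ALLOW, "not gated by this policy")
```

The userinfo case is the one worth remembering: an allowlist that substring-matches the host would accept `https://hooks.ci.internal.example@attacker.example/`, so the gate parses the URL and compares the parsed hostname, and rejects embedded credentials entirely. Everything the policy does not name falls through to ALLOW only because these three findings are the page's scope; a production gate would enumerate every mutating subcommand the skill exposes.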
Full report: https://skillshield.io/report/283a0e880d61f298 (powered by SkillShield)