Security Audit

google-chat

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

google-chat received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 1 medium, and 1 low severity. Key findings include Suspicious import: urllib.request, Potential Data Exfiltration via Arbitrary Webhook URL, Unpinned Python Dependencies.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

83%

Behavioral Risk Signals

Network Access

3 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
HIGH	Potential Data Exfiltration via Arbitrary Webhook URL The `send_webhook.py` script accepts an arbitrary `webhook_url` as a command-line argument and sends a message to it. If an AI agent is compromised via prompt injection, it could be instructed to call this skill with an attacker-controlled `webhook_url` and send sensitive information (e.g., user data, internal context, environment variables) as the `message` payload. This allows for data exfiltration to an external endpoint. Implement strict validation or whitelisting for `webhook_url` arguments passed to the skill. Ensure the AI agent's execution environment is sandboxed and cannot access sensitive data that could be exfiltrated. If the skill is intended to be used with user-provided URLs, clearly document the security implications and advise users to only use trusted URLs.	LLM	scripts/send_webhook.py:20
MEDIUM	Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/darconada/google-chat/scripts/send_webhook.py:9
LOW	Unpinned Python Dependencies The `SKILL.md` recommends installing Python packages (`google-auth-oauthlib`, `google-auth-httplib2`, `google-api-python-client`) without specifying exact versions. This can lead to non-deterministic builds and potential compatibility issues or, in a worst-case scenario, introduce vulnerabilities if a future version of a dependency contains malicious code or breaking changes. Pin all dependencies to specific versions (e.g., `google-auth-oauthlib==X.Y.Z`) in a `requirements.txt` file or directly in the installation instructions. Regularly review and update these pinned versions.	LLM	SKILL.md:149

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/3cdca11bf5c994cd.svg)](https://skillshield.io/report/3cdca11bf5c994cd)