Trust Assessment
heimdall-security received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 3 critical, 3 high, 2 medium, and 0 low severity. Key findings include Arbitrary command execution, Missing required field: name, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/henrino3/heimdall-security/scripts/skill-scan.py:474 | |
| CRITICAL | Arbitrary command execution Remote code download piped to interpreter Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/henrino3/heimdall-security/scripts/skill-scan.py:17 | |
| CRITICAL | Skill requests 'exec' tool, enabling arbitrary command execution The `skill.json` manifest explicitly requests the `exec` tool. This grants the skill the ability to execute arbitrary shell commands on the host system. While the skill's stated purpose is a security scanner, which may require command execution for its analysis (e.g., `git clone`, running static analysis tools), this permission is a critical security risk. Any vulnerability in the skill's input handling could lead to full command injection, allowing an attacker to execute arbitrary code on the system where the skill is run. The `scripts/skill-scan.py` also imports `subprocess`, which would be the primary mechanism for leveraging this permission. Carefully review all code paths that lead to command execution. Implement strict input validation and sanitization for any user-controlled data passed to shell commands. Avoid `shell=True` in `subprocess` calls. Consider if a more restricted set of tools or a sandboxed environment could fulfill the skill's requirements. | LLM | skill.json:21 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'generate_ai_analysis'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/henrino3/heimdall-security/scripts/skill-scan.py:474 | |
| HIGH | Potential data exfiltration: file read + network send Function 'generate_ai_analysis' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/henrino3/heimdall-security/scripts/skill-scan.py:495 | |
| HIGH | `subprocess` module imported, enabling command execution The `scripts/skill-scan.py` script imports the `subprocess` module. This module is commonly used to execute external commands. Given that the `skill.json` manifest requests the `exec` tool, this import directly facilitates command execution. Without careful sanitization of any user-controlled input passed to `subprocess` functions, this can lead to command injection vulnerabilities. Implement robust input validation and sanitization for all external inputs before they are used in `subprocess` calls. Prefer using `shlex.quote` for arguments and avoid `shell=True` where possible. | LLM | scripts/skill-scan.py:29 | |
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/henrino3/heimdall-security/SKILL.md:1 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/henrino3/heimdall-security/scripts/skill-scan.py:501 |
Scan History
Embed Code
[](https://skillshield.io/report/8328deeb092dd94b)
Powered by SkillShield