Trust Assessment
hire received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Unsanitized user input in `config.patch` JSON payload" and "Automated, unconfirmed modification of core OpenClaw configuration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unsanitized user input in `config.patch` JSON payload: The skill instructs the agent to construct a JSON string for the `config.patch` command's `raw` parameter. This JSON string embeds values like `<name>` and `<selected-model>` which are derived from user input or agent selection. If these values are not properly escaped (e.g., by replacing double quotes `"` with `\"`), a malicious user could inject arbitrary JSON into the `raw` string. This could lead to malformed configuration, unintended changes to the OpenClaw system configuration, or potentially further command execution if the `config.patch` endpoint is vulnerable to JSON-based command injection. Remediation: Ensure all user-provided or dynamically generated strings embedded into JSON payloads are properly escaped (e.g., using a JSON serialization library function that handles special characters) before being included in the `raw` parameter of `config.patch`. | LLM | SKILL.md:140 |
| HIGH | Automated, unconfirmed modification of core OpenClaw configuration: The skill explicitly mandates the automated update of the OpenClaw configuration via `config.patch` without requiring explicit user confirmation for the specific configuration changes. This grants the skill broad permissions to modify critical system settings, including adding/removing agents, changing their models, and altering their allowed sub-agents. While the skill's purpose is to configure a new agent, performing such a high-privilege action automatically and without granular user review of the final configuration changes represents an excessive permission. Remediation: Implement a step where the agent presents the *full, final JSON payload* of the `config.patch` operation to the user for explicit confirmation (e.g., "Please confirm these changes to your OpenClaw configuration: [JSON payload]. Type 'yes' to proceed.") before executing the `config.patch` command. This ensures the user is aware of and approves the exact changes being made. | LLM | SKILL.md:130 |