Trust Assessment
idea-clawdbot received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Sub-agent Prompt Injection via Idea Description, Potential Path Traversal Vulnerability via Idea Slug.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Sub-agent Prompt Injection via Idea Description The skill's design explicitly passes user-provided `[description]` directly into a sub-agent's prompt template (`{IDEA_DESCRIPTION}`) without any described sanitization or validation. This allows an attacker to inject malicious instructions into the sub-agent, potentially overriding its intended task, exfiltrating data (e.g., by instructing it to read other files), or performing unauthorized actions if the sub-agent has access to sensitive functions or data (such as file system write/read access, which is implied by its ability to write `research.md`). Implement robust input sanitization and validation for the `[description]` before inserting it into the sub-agent's prompt. Consider using a structured input mechanism or a separate LLM call to validate and rephrase the user's idea into a safe, constrained prompt for the sub-agent. Additionally, ensure the sub-agent operates in a highly sandboxed environment with minimal necessary permissions to mitigate the impact of any successful injection. | LLM | SKILL.md:89 | |
| HIGH | Potential Path Traversal Vulnerability via Idea Slug The skill instructs to 'Create a slug from the idea (lowercase, hyphens)' which is then used to construct a file path (`~/clawd/ideas/<slug>/research.md`). If the slug generation logic does not sufficiently sanitize the user-provided idea description to prevent directory traversal sequences (e.g., `../`, `/`), a malicious user could craft an idea description that leads to writing files outside the intended `~/clawd/ideas/` directory, potentially overwriting or creating files in sensitive locations. Ensure the slug generation function strictly sanitizes the input to remove or escape any directory traversal characters (e.g., `/`, `\`, `..`) and limits the slug to alphanumeric characters and hyphens only. A robust slugification library should be used to prevent this vulnerability. | LLM | SKILL.md:42 |
Scan History
Embed Code
[](https://skillshield.io/report/865b2037bf95e7b3)
Powered by SkillShield