Trust Assessment
insecure-defaults received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Dangerous tool allowed: Bash" and "Excessive 'Bash' tool permission declared".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Dangerous tool allowed: Bash. The skill allows the 'Bash' tool without constraints. This grants arbitrary command execution. Remove unconstrained shell/exec tools from allowed-tools, or add specific command constraints. | Static | skills/atlas-secint/insecure-defaults/SKILL.md:1 |
| MEDIUM | Excessive 'Bash' tool permission declared. The skill 'insecure-defaults' declares 'Bash' as an allowed tool in its manifest. While the skill's purpose is security analysis, which can sometimes require broad system access, the current skill description (a rubric for finding insecure defaults) primarily outlines pattern matching and conceptual verification steps that could largely be accomplished with 'Read', 'Grep', and 'Glob'. The skill does not explicitly detail complex operations or external tool invocations that would necessitate the full capabilities of 'Bash', making this permission potentially excessive and increasing the attack surface if the skill were to be exploited or misused. Review the necessity of the 'Bash' tool. If specific 'Bash' commands are required, document their purpose and consider if more granular tools or a more restricted 'Bash' environment could be used. If not strictly necessary for the skill's core functionality as described, remove 'Bash' from 'allowed-tools'. | LLM | Manifest:1 |