Trust Assessment
ironclaw received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Hardcoded Bearer Token detected, Unsecured remote code fetching during installation, Recurring remote code fetching and execution via heartbeat mechanism.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/samidh/ironclaw/SKILL.md:134 | |
| HIGH | Recurring remote code fetching and execution via heartbeat mechanism The skill instructs the agent to periodically fetch `https://ironclaw.io/heartbeat.md` and explicitly 'follow it'. This creates a continuous supply chain vulnerability. If `ironclaw.io` is compromised, an attacker could inject malicious instructions into `heartbeat.md`, which the agent would then automatically fetch and execute without further user intervention. This could lead to command injection, data exfiltration, or other severe compromises. Implement robust cryptographic verification (e.g., signed manifests, checksums) for `heartbeat.md` before it is 'followed'. The agent should verify the integrity and authenticity of the fetched content to prevent execution of tampered instructions. Consider a more secure update mechanism that doesn't rely on direct execution of arbitrary remote content. | LLM | SKILL.md:100 | |
| MEDIUM | Unsecured remote code fetching during installation The skill instructs the user/agent to download `SKILL.md` and `HEARTBEAT.md` directly from `https://ironclaw.io` using `curl`. If the `ironclaw.io` domain or server is compromised, malicious content could be served, leading to the installation of compromised skill files. While this is a common installation method, it represents a supply chain risk as the integrity and authenticity of the downloaded files are not cryptographically verified. Implement cryptographic verification (e.g., PGP signatures, checksums) for downloaded skill files to ensure their integrity and authenticity before installation. Alternatively, distribute skills through a trusted package manager that handles such verifications. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/3df1a7067de1831a)
Powered by SkillShield