Trust Assessment
living-docs-navigator received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is "Skill demonstrates shell command execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill demonstrates shell command execution. The skill provides multiple explicit examples of shell commands (`ls`, `grep`) for navigating project documentation. While the examples themselves are benign and scoped to specific directories (`.specweave/docs/internal/`, `.specweave/increments/`), the skill teaches the AI agent to perform direct shell execution. If the AI agent's runtime environment does not implement robust sandboxing, strict input validation, and allow-listing for commands and arguments, this capability could be exploited. A malicious user could prompt the agent to execute arbitrary commands or access sensitive files beyond the intended scope, leading to command injection, data exfiltration, or system compromise. Ensure the AI agent's execution environment for shell commands is securely sandboxed. Implement strict input validation and allow-listing for all commands and arguments generated by the agent based on user input. Limit the filesystem access scope for executed commands to only what is absolutely necessary for the skill's function. Consider if direct shell execution is the only viable approach, or if a more controlled API could achieve the same functionality with reduced risk. | LLM | SKILL.md:20 |