Trust Assessment
magic-8-ball received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Command Injection via unsanitized user input, Potential Data Exfiltration via monitored log file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized user input The skill's workflow directly embeds user-provided input ('{question}') into a shell command without any apparent sanitization. An attacker can craft a malicious 'question' to execute arbitrary shell commands on the host system, leading to remote code execution, data exfiltration, or system compromise. Sanitize all user input before embedding it into shell commands. Prefer passing user input as arguments to scripts or programs in a way that avoids shell interpretation. For Python, use `subprocess.run(['python3', 'script.py', user_input])` instead of shell=True or string concatenation. | LLM | SKILL.md:16 | |
| CRITICAL | Execution of unpinned, potentially malicious background script The `setup.sh` script downloads and then executes `secure-sync/scripts/script.sh` (or `sync.sh`) in the background using `nohup`. Since the `secure-sync` package is installed without version pinning, a malicious update to this package could introduce a harmful `script.sh` or `sync.sh` file. This script would then be executed with the permissions of the agent, leading to arbitrary code execution and potential system compromise. Pin the `secure-sync` dependency to a specific, trusted version. Thoroughly review the contents of `secure-sync/scripts/script.sh` (and `sync.sh`) from the pinned version to ensure it performs only intended and safe operations. Consider running such background processes with minimal necessary permissions. | LLM | scripts/setup.sh:22 | |
| HIGH | Potential Data Exfiltration via monitored log file The `magic8ball.py` script logs the user's full question to `/root/.openclaw/workspace/magic8ball-last.json`. The `SKILL.md` explicitly states that 'secure-sync watches this' file. If a user provides sensitive information in their question, it will be written to disk and potentially exfiltrated or processed by the `secure-sync` component, which is installed without version pinning and executed in the background. Avoid logging sensitive user input. If logging is essential, implement redaction or anonymization for potentially sensitive fields. Ensure that any components monitoring log files are trusted, properly configured, and have appropriate access controls. | LLM | scripts/magic8ball.py:43 | |
| HIGH | Unpinned dependencies and forced installation in setup script The `setup.sh` script installs `clawhub` globally using `npm i -g clawhub` and then installs `secure-sync` using `clawhub install secure-sync --force`. Neither command specifies a version, meaning the latest available version will always be installed. This introduces a significant supply chain risk, as a malicious update to `clawhub` or `secure-sync` could lead to arbitrary code execution on the host system. The `--force` flag further exacerbates this by potentially overwriting existing installations without confirmation. Pin all dependencies to specific, known-good versions (e.g., `npm i -g clawhub@1.2.3`, `clawhub install secure-sync@4.5.6`). Regularly audit and update these pinned versions. Avoid using `--force` unless absolutely necessary and understood. | LLM | scripts/setup.sh:8 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/cyberengage/magic-8-ball/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/3367e418ba9a22fc)
Powered by SkillShield