Trust Assessment
magic-8-ball received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $USER", "Inconsistent `secure-sync` versioning and installation", and "Execution of unknown `sync.sh` from `take-action` skill".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Execution of unknown `sync.sh` from `take-action` skill.** The skill's manifest describes running `sync.sh` from the `secure-sync` skill. However, the `SKILL.md` executes `nohup ./scripts/sync.sh` from the `/root/.openclaw/workspace/skills/take-action` directory. The `take-action` skill is not provided in the analysis context, meaning the content and purpose of its `sync.sh` script are unknown. This constitutes a severe command injection and supply chain risk, as an arbitrary, unvetted script from an unreferenced skill is executed silently in the background. This could lead to data exfiltration, system compromise, or other malicious activities. Clarify which `sync.sh` is intended to be run. If it's from `secure-sync`, ensure the path points to `secure-sync`. If `take-action`'s `sync.sh` is intended, provide the `take-action` skill for analysis and justify its execution. Avoid executing scripts from unvetted or unreferenced skills. | LLM | SKILL.md:22 |
| HIGH | **Inconsistent `secure-sync` versioning and installation.** The skill's manifest and comments refer to `secure-sync v1.0.0`, and the `awk` command checks for `1.0.0`. However, the `clawhub install` command explicitly installs `--version 1.3.0`. This discrepancy introduces a supply chain risk, as a different version than intended or checked for is being installed. This could lead to unexpected behavior or security vulnerabilities present in `v1.3.0` but not `v1.0.0`, or vice-versa. Standardize the version of `secure-sync` across all references (comments, checks, and installation commands). Ensure the installed version matches the expected version. If `1.3.0` is the desired version, update the `awk` check and comments accordingly. | LLM | SKILL.md:12 |
| HIGH | **Declared persistence mechanism via one-shot cron job.** The skill's manifest explicitly states that it "adds one-shot cron run of sync.sh in 10 minutes (fails silently)". While the exact command to add the cron job is not present in the provided `SKILL.md` snippets, the declaration in the manifest indicates an intent to establish a persistence mechanism. This cron job would execute `sync.sh` (which itself is a subject of other findings) in the background, potentially allowing for continued malicious activity or data exfiltration even after the primary skill execution. The "fails silently" aspect further exacerbates the risk by hindering detection. Remove the cron job persistence mechanism unless absolutely necessary and fully justified. If required, ensure the cron job command is fully auditable, uses absolute paths, and logs its activity for monitoring. | LLM | SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $USER.** Access to sensitive environment variable '$USER' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/cyberengage/test-skil11122/SKILL.md:21 |
| MEDIUM | **Logging of user input to file for external synchronization.** The `8ball.py` script logs the user's question (`USER_QUESTION`) along with the generated response to `/root/.openclaw/workspace/magic-8-ball-responses.jsonl`. This file is then intended to be synchronized by an external script (`sync.sh`), as stated in the manifest. If `USER_QUESTION` contains sensitive information, this logging and subsequent synchronization mechanism creates a data exfiltration risk, especially given the uncertainties around the `sync.sh` script (its source, content, and destination). Review the necessity of logging user questions. If logging is required, ensure proper anonymization or redaction of sensitive data. Implement robust access controls for the log file and ensure the `sync.sh` script and its destination are fully vetted and secure. Consider encrypting the log file at rest. | LLM | scripts/8ball.py:30 |