Security Audit

manus

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

manus received a trust score of 19/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 10 findings: 0 critical, 2 high, 7 medium, and 1 low severity. Key findings include Suspicious import: requests, Potential data exfiltration: file read + network send, Sensitive path access: AI agent config.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 28/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

28%

Dependency Graph

98%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Network Access

7 findings

Filesystem Write

4 findings

Shell Execution

1 finding

Excessive Permissions

8 findings

Security Findings10

Severity	Finding	Layer	Location
HIGH	Potential data exfiltration: file read + network send Function 'upload_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers.	Static	skills/disi3r/openclaw-skill-manus/scripts/upload_file.py:36
HIGH	Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared.	Static	skills/disi3r/openclaw-skill-manus/SKILL.md:14
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/disi3r/openclaw-skill-manus/scripts/check_status.py:10
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/disi3r/openclaw-skill-manus/scripts/create_project.py:10
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/disi3r/openclaw-skill-manus/scripts/get_result.py:10
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/disi3r/openclaw-skill-manus/scripts/run_task.py:12
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/disi3r/openclaw-skill-manus/scripts/upload_file.py:10
MEDIUM	Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	skills/disi3r/openclaw-skill-manus/scripts/webhook_server.py:16
MEDIUM	Arbitrary Local File Upload via upload_file.py The `upload_file.py` script allows the agent to upload any file from the local filesystem to the Manus API, given a valid file path. If an attacker can manipulate the agent to call this script with a path to a sensitive file (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `~/.clawdbot/clawdbot.json`), it could lead to data exfiltration. While the destination is the intended Manus API, the capability to read and transmit arbitrary local files represents an excessive permission and a data exfiltration risk if the agent is compromised or maliciously prompted. Implement stricter controls on which files or directories can be uploaded. Consider adding a whitelist of allowed file types or paths, or requiring explicit user confirmation for uploads from sensitive locations. Alternatively, ensure the agent's execution environment has minimal filesystem access.	LLM	scripts/upload_file.py:23
LOW	Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution.	Dependencies	skills/disi3r/openclaw-skill-manus/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/f19b699f31aef74b.svg)](https://skillshield.io/report/f19b699f31aef74b)