Trust Assessment
moltguess received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include "Missing required field: name", "Unverified remote content download", and "Instruction to save API key without specifying secure storage".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unverified remote content download.** The skill instructs the agent to download `SKILL.md`, `HEARTBEAT.md`, and `skill.json` from `https://moltguess.com` using `curl` without any integrity checks (e.g., checksums, GPG signatures). This makes the skill vulnerable to supply chain attacks. If `moltguess.com` is compromised, an attacker could replace these files with malicious versions, leading to arbitrary code execution or other exploits when the agent processes them. The `skill.json` is particularly sensitive as it defines skill metadata and dependencies. Implement robust integrity verification for all remote content downloads, such as cryptographic hashes (checksums) or GPG signatures. Alternatively, host these files locally within the skill package or use a trusted package manager. | LLM | SKILL.md:20 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/nwx77/moltguess/SKILL.md:1 |
| MEDIUM | **Instruction to save API key without specifying secure storage.** The skill instructs the agent to 'SAVE `api_key`' after registration. Without explicit guidance on secure storage mechanisms (e.g., environment variables, a secure credential store, or encrypted files), there's a high risk that the agent might store this sensitive API key insecurely (e.g., in plain text in a log file, a publicly accessible file, or within its own memory without proper protection), making it vulnerable to exfiltration or unauthorized access. Provide explicit instructions for secure API key storage, such as recommending the use of environment variables, a dedicated secrets management service, or an encrypted credential store. Avoid instructing agents to store sensitive information directly in files or logs without encryption. | LLM | SKILL.md:44 |
| LOW | **Declares external binaries without explicit input sanitization requirements.** The `skill.json` manifest declares a dependency on external binaries (`curl`, `jq`). While these are common tools, their presence indicates that the skill intends to execute shell commands. If the skill later constructs commands using untrusted or user-provided input without proper sanitization, it could lead to command injection vulnerabilities. The `SKILL.md` already demonstrates `curl` usage, which, if combined with dynamic, untrusted URLs or parameters, could be exploited. Ensure that any shell commands executed by the agent, especially those involving external binaries, strictly sanitize and validate all inputs, particularly those derived from untrusted sources. Prefer using language-native libraries for network requests and JSON parsing where possible, rather than shelling out to `curl` and `jq`. | LLM | skill.json:14 |