Trust Assessment
openclaw received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unsanitized Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Command Injection via Unsanitized Arguments The `scripts/openclaw.sh` script passes user-controlled arguments (`$@`) directly to the `openclaw` binary without sanitizing them for shell command substitution. This allows an attacker to execute arbitrary commands by embedding them within arguments using constructs like `$(command)` or `` `command` ``. The shell performs these substitutions before the `openclaw` command is even invoked, leading to arbitrary code execution. To prevent command injection, ensure that user-supplied arguments are treated as literal strings and not subject to shell expansion. While `"$@"` prevents word splitting and globbing, it does not prevent command substitution. The calling environment (e.g., the AI agent or user) should sanitize inputs before passing them to the script. If the script is intended for direct user interaction, consider using a more robust argument parsing library or explicitly escaping special characters in arguments before passing them to external commands. | LLM | scripts/openclaw.sh:6 |
Scan History
Embed Code
[](https://skillshield.io/report/2a77601751bb9290)
Powered by SkillShield