Trust Assessment
openclaw-agent-token-optimizer received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Deprecated skill recommends installing external skill.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Deprecated skill recommends installing external skill The deprecated skill 'openclaw-agent-token-optimizer' explicitly instructs users to install another skill, 'phenomenoner/openclaw-agent-optimize', via 'clawhub install'. This creates a supply chain risk, as users are directed to an external dependency. If the recommended skill were compromised or malicious, this deprecated skill would serve as a vector for a supply chain attack. Remove the installation instruction for the external skill, or clearly state the risks associated with installing external dependencies. If the skill is truly deprecated, it should ideally not direct users to other skills without strong verification of the recommended skill's integrity and origin. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/951b71d3480dac63)
Powered by SkillShield