Trust Assessment
openclaw-arbiter received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Path Traversal in Skill Name Parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-arbiter/scripts/arbiter.py:79 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-arbiter/scripts/arbiter.py:80 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-arbiter/scripts/arbiter.py:82 | |
| HIGH | Path Traversal in Skill Name Parameter The `openclaw-arbiter` skill allows users to specify a `skill_name` for various operations such as `audit`, `quarantine`, `unquarantine`, and `revoke`. The `_get_skill_path` function constructs a `pathlib.Path` object using `workspace_path / skill_name`. If the `skill_name` argument contains path traversal sequences (e.g., `../`), an attacker can manipulate the skill to operate on directories or files outside the intended `workspace_path`. This could lead to arbitrary file deletion (`revoke`), movement (`quarantine`/`unquarantine`), or reading (`audit`) of sensitive files or directories on the system, bypassing the intended scope of the skill's operations. Validate the `skill_name` input to ensure it does not contain path separators (`/` or `\`) or path traversal sequences (`..`). A robust solution would be to resolve the constructed path and verify that it remains a subpath of the `workspace_path`. For example, after `skill_path = workspace_path / skill_name`, add a check like `if not skill_path.resolve().is_relative_to(workspace_path.resolve()): raise ValueError('Path traversal detected')`. | LLM | scripts/arbiter.py:200 |
Scan History
Embed Code
[](https://skillshield.io/report/ce831b6cceeaabdb)
Powered by SkillShield