Trust Assessment
openclaw-config-validator received a trust score of 61/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 4 medium, and 0 low severity. Key findings include Missing required field: name, Sensitive environment variable access: $HOME, Configuration Data Exfiltration via Temporary File and Stdout.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Configuration Data Exfiltration via Temporary File and Stdout The `get-schema.sh` script reads the user's OpenClaw configuration file (`~/.openclaw/openclaw.json`), which may contain sensitive information (e.g., API keys, tokens, as implied by the 'Forbidden fields list' in SKILL.md). The script then extracts and writes sections of this configuration directly to a temporary file in `/tmp` (e.g., `/tmp/runtime-schema-*.md`) and subsequently prints the entire content of this temporary file to standard output. This allows for the exfiltration of potentially sensitive configuration data to a world-readable location and to any process capturing the script's stdout. Before writing configuration data to temporary files or standard output, sensitive fields must be redacted or masked. Ensure that temporary files containing any sensitive information are created with restrictive permissions (e.g., `umask 077`) to prevent unauthorized access. Consider alternative methods for reporting configuration details that do not expose raw values. | LLM | scripts/get-schema.sh:78 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/charpup/openclaw-config-validator/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/charpup/openclaw-config-validator/scripts/get-schema.sh:15 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/charpup/openclaw-config-validator/scripts/schema-validate.sh:15 | |
| MEDIUM | Excessive Read Permissions on User Configuration File Both `get-schema.sh` and `schema-validate.sh` scripts read the entire user configuration file (`~/.openclaw/openclaw.json`). While reading the configuration is necessary for the skill's functionality, if this file contains sensitive credentials or secrets, reading the entire file without granular access control or redaction mechanisms can lead to excessive exposure. The subsequent handling in `get-schema.sh` (writing to `/tmp` and stdout) exacerbates this risk. Implement mechanisms to selectively access or redact sensitive fields within the configuration file. If full file access is unavoidable, ensure that all subsequent processing and output strictly adhere to data protection principles, redacting or masking any sensitive information before it is written to logs, reports, or stdout. Review the necessity of reading the entire file versus specific required sections. | LLM | scripts/get-schema.sh:10 |
Scan History
Embed Code
[](https://skillshield.io/report/8d7b8e5d0cde8e74)
Powered by SkillShield