Trust Assessment
openclaw-security received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are potential command injection via the `--workspace` argument and reliance on an external skill repository (ClawHub), which introduces supply chain risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via `--workspace` argument. The skill's documentation shows commands invoking `python3 {baseDir}/scripts/security.py` with a user-provided `--workspace` argument. If the `security.py` script does not properly sanitize or escape this argument before using it in shell commands or subprocess calls, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. The `security.py` script must rigorously sanitize and escape the `--workspace` argument before using it in any shell-executing functions (e.g., `subprocess.run(..., shell=True)` or `os.system()`). Prefer using `subprocess.run()` with `shell=False` and passing arguments as a list to avoid shell interpretation. | LLM | SKILL.md:10 |
| HIGH | Reliance on external skill repository (ClawHub) introduces supply chain risk. The skill explicitly states its core functionality involves installing and updating other security skills from 'ClawHub'. This introduces a significant supply chain risk. If the ClawHub repository is compromised, or if malicious skills are published there, this skill could be used to install and update untrusted or malicious software on the agent's system, acting as a central orchestrator for potentially compromised dependencies. Implement robust verification mechanisms for skills downloaded from ClawHub, such as cryptographic signing verification, checksum validation, and sandboxing. Consider pinning specific versions of skills rather than always updating to the 'latest' to prevent automatic installation of potentially malicious updates. Provide clear warnings to users about the risks associated with installing skills from external repositories. | LLM | SKILL.md:13 |