Trust Assessment
openclaw-security received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. The findings are a potential command injection via the `--workspace` argument (high), an unverified supply chain for tool installation and updates via ClawHub (high), and the broad system access the skill requires for its security operations (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via `--workspace` argument.** The skill's usage examples in `SKILL.md` show execution of `python3 {baseDir}/scripts/security.py` with a `--workspace` argument, which is expected to be a user-provided path. If `security.py` does not validate this user-controlled path before using it in shell commands (e.g., `subprocess.run(shell=True)` or `os.system()`), an attacker could inject arbitrary shell commands by crafting a malicious path (e.g., `/tmp; rm -rf /`). This is a credible exploit path for arbitrary code execution. **Recommendation:** `security.py` must strictly validate all user-provided arguments, especially file paths, before using them in any shell command. Avoid `shell=True` in `subprocess.run` and pass arguments as a list. If shell execution is unavoidable, escape user input so that metacharacters are not interpreted. | LLM | SKILL.md:10 |
| HIGH | **Unverified supply chain for tool installation/updates via 'ClawHub'.** The skill explicitly states that it 'Installs all 11 free security skills from ClawHub' and 'Updates all installed security skills to latest versions via ClawHub'. Relying on an external, unspecified source ('ClawHub') for installing and updating critical security tools introduces a significant supply chain risk. Without mechanisms to verify the integrity and authenticity of downloaded packages (e.g., cryptographic signatures, checksums, trusted repositories), a compromise of ClawHub or of the download path could lead to the installation of malicious software, directly impacting the security of the agent's workspace. **Recommendation:** Verify cryptographic signatures of downloaded packages, use trusted and immutable repositories, pin dependencies to specific versions, and regularly audit the integrity of the supply chain. Document how 'ClawHub' ensures the security and authenticity of its distributed tools. | LLM | SKILL.md:15 |
| MEDIUM | **Skill requires broad system access for security operations.** The skill is described as a 'Unified security suite' capable of installing, updating, scanning, and orchestrating security tools across the workspace. This inherently requires extensive permissions: filesystem write access (for installation/updates), network access (for 'ClawHub' downloads), and potentially elevated privileges for system-level changes (e.g., 'enforce policies', 'revoke permissions'). These permissions may be necessary for the stated purpose, but such broad access significantly increases the attack surface if the skill itself is compromised or vulnerable, making it a high-value target. **Recommendation:** Apply the principle of least privilege: request and use only the minimum permissions each operation needs, isolate high-privilege operations where possible, document every required permission and its justification, and consider sandboxing or containerization for high-risk operations. | LLM | SKILL.md:13 |
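The command-injection finding above turns on one pattern: splicing the `--workspace` value into a shell string. The following is an added example written for this report, not code from openclaw-security or its `security.py` (whose actual contents were not inspected). `scan_vulnerable` reproduces the pattern the finding warns about; `scan_hardened` applies the recommendation: canonicalise the path, require it to be an existing directory under an allowed root, and pass an argv list with no shell. The `ls -d` command, the allowed-root policy and the temporary directory are assumptions for the demonstration.

```python
import subprocess
import tempfile
from pathlib import Path


def scan_vulnerable(workspace: str) -> str:
    """The pattern the finding warns about: the user-supplied --workspace value is
    interpolated into a shell string, so ';', '&&', '$(...)' are interpreted."""
    cmd = f"ls -d {workspace}"  # assumed stand-in for whatever security.py shells out to
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_workspace(workspace: str, allowed_root: Path) -> Path:
    """Canonicalise the path and insist it is an existing directory inside allowed_root.
    Rejects traversal ('..'), symlink escapes, and junk such as '/tmp; rm -rf /', which
    is simply not an existing directory once treated as a path rather than a command."""
    root = allowed_root.resolve()
    candidate = Path(workspace).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"workspace {workspace!r} is outside {root}")
    if not candidate.is_dir():
        raise ValueError(f"workspace {workspace!r} is not a directory")
    return candidate


def scan_hardened(workspace: str, allowed_root: Path) -> str:
    """Hardened form: validated path, argv list, no shell, non-zero exit is an error."""
    target = validate_workspace(workspace, allowed_root)
    result = subprocess.run(
        ["ls", "-d", str(target)], capture_output=True, text=True, check=True
    )
    return result.stdout


def run_demo() -> dict:
    """Builds a constructed workspace in a temp dir and exercises both variants
    with the same injection payload (a harmless 'echo' instead of 'rm -rf /')."""
    root = Path(tempfile.mkdtemp())
    ws = root / "project"
    ws.mkdir()
    payload = f"{ws}; echo INJECTED"

    out = {"ws_resolved": str(ws.resolve())}
    out["vulnerable_out"] = scan_vulnerable(payload)  # contains INJECTED

    try:
        scan_hardened(payload, root)
        out["hardened_rejected"] = False
    except ValueError:
        out["hardened_rejected"] = True

    try:  # traversal out of the allowed root is rejected even though it is a real dir
        scan_hardened(str(root / ".."), root)
        out["traversal_rejected"] = False
    except ValueError:
        out["traversal_rejected"] = True

    out["hardened_out"] = scan_hardened(str(ws), root)  # legitimate path still works
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The hardened version never needs escaping: because the argument reaches `ls` as a single argv element, metacharacters have no meaning, and the directory check also catches the payload for a second, independent reason.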
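The supply-chain finding recommends pinning versions and verifying checksums before anything fetched from ClawHub is installed. The following is an added example for this report, not code from openclaw-security or from ClawHub (whose distribution format and client API are not described on the page). It assumes a lockfile that records, per skill, the exact version and the SHA-256 of the reviewed archive; the skill name `openclaw-secrets-scan`, the archive bytes and the `fetch` callable are constructed stand-ins. An artifact is installed only if the requested version matches the pin and the digest matches in constant time; "latest" is rejected by construction because no lockfile entry can pin it.

```python
import hashlib
import hmac

# Constructed sample archive standing in for a skill bundle fetched from ClawHub.
GOOD_ARCHIVE = b"PK\x03\x04 openclaw-secrets-scan 1.2.0 (constructed sample bytes)"

# Constructed lockfile (assumed format): every skill is pinned to one exact version
# and to the SHA-256 of the archive that was actually reviewed. No "latest" entries.
LOCKFILE = {
    "openclaw-secrets-scan": {  # hypothetical skill name
        "version": "1.2.0",
        "sha256": hashlib.sha256(GOOD_ARCHIVE).hexdigest(),
    }
}


class SupplyChainError(Exception):
    """Raised when an artifact must not be installed."""


def verify_artifact(name: str, version: str, data: bytes, lockfile=LOCKFILE) -> str:
    """Return the verified SHA-256 hex digest, or raise SupplyChainError."""
    entry = lockfile.get(name)
    if entry is None:
        raise SupplyChainError(f"{name}: not in lockfile, refusing to install")
    if version != entry["version"]:
        # Covers 'latest' as well as a version silently bumped by the hub.
        raise SupplyChainError(
            f"{name}: requested {version!r}, lockfile pins {entry['version']!r}"
        )
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, entry["sha256"]):
        raise SupplyChainError(f"{name}@{version}: sha256 mismatch, got {digest[:12]}...")
    return digest


def install_from_hub(name: str, version: str, fetch, lockfile=LOCKFILE) -> str:
    """Fetch, verify, and only then install. `fetch(name, version) -> bytes` is an
    assumed stand-in for the ClawHub client; unpacking into the skills directory
    (which would follow verification) is omitted here."""
    data = fetch(name, version)
    return verify_artifact(name, version, data, lockfile)


def is_trusted(name: str, version: str, data: bytes, lockfile=LOCKFILE) -> bool:
    """Boolean convenience wrapper around verify_artifact."""
    try:
        verify_artifact(name, version, data, lockfile)
        return True
    except SupplyChainError:
        return False


if __name__ == "__main__":
    tampered = GOOD_ARCHIVE + b"\n# injected post-install hook"
    cases = [
        ("genuine pinned build", "1.2.0", GOOD_ARCHIVE),
        ("tampered archive", "1.2.0", tampered),
        ("unpinned 'latest'", "latest", GOOD_ARCHIVE),
    ]
    for label, ver, blob in cases:
        print(f"{label}: trusted={is_trusted('openclaw-secrets-scan', ver, blob)}")
```

A digest pin only proves the bytes are the ones someone reviewed; it does not say who published them. Adding signature verification against a publisher key held outside ClawHub would close that gap, but the page gives no detail of ClawHub's signing, so it is not modelled here.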
Full report: https://skillshield.io/report/764b7ac0c3b55fc5
Powered by SkillShield