Trust Assessment
openclaw-sentinel received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 7 critical, 2 high, 0 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Potential Regular Expression Denial of Service (ReDoS) from untrusted threat lists.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings9
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:62 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:42 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:44 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:54 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:58 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:60 | |
| CRITICAL | Arbitrary command execution Dynamic import of dangerous module Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:46 | |
| HIGH | Unsafe deserialization / dynamic eval Python builtins/import manipulation Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/atlaspa/openclaw-sentinel/scripts/sentinel.py:46 | |
| HIGH | Potential Regular Expression Denial of Service (ReDoS) from untrusted threat lists The `update_threat_db` function loads external threat lists, which can contain user-defined regular expressions. These regexes are compiled using `re.compile` and later used for matching against skill code. If a malicious or pathological regex is provided in an untrusted threat list, it could lead to a Regular Expression Denial of Service (ReDoS) during compilation or, more critically, during subsequent matching operations in `scan_file`. This could consume excessive CPU resources, leading to a denial of service for the agent running the skill. The skill explicitly mentions importing 'community-shared threat lists', implying these sources might not be fully trusted. 1. **Source Trust**: Strongly advise users to only import threat lists from highly trusted and verified sources. 2. **Regex Validation**: Implement stricter validation for imported regex patterns to detect and reject known ReDoS patterns or overly complex expressions. This could involve checking for specific problematic constructs (e.g., nested quantifiers like `(a+)+`) or limiting regex length/complexity. 3. **Resource Limits (if possible)**: If the execution environment allows, run regex compilation and matching within a sandboxed process with strict CPU time limits. (Note: The skill states 'No External Dependencies', so this might not be feasible without modifying the core skill design). 4. **Timeout for Matching**: While Python's `re` module doesn't have built-in timeouts, consider using a different regex engine (e.g., `regex` module) if external dependencies become acceptable, or implement a custom timeout mechanism around the `re.search` calls. | LLM | scripts/sentinel.py:615 |
Scan History
Embed Code
[](https://skillshield.io/report/faebc7c3f733d79f)
Powered by SkillShield