Trust Assessment
openclaw-serper received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 4 findings: 0 critical, 0 high, 3 medium, 0 low, and 1 informational. The medium-severity findings are Unsafe deserialization / dynamic eval, Suspicious import: urllib.request, and Unpinned Python Dependency; the informational finding concerns the breadth of the `Bash(python3:*)` tool permission.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unsafe deserialization / dynamic eval: decryption followed by code execution. Remove obfuscated code-execution patterns; legitimate code does not need base64-encoded payloads passed to eval, encrypted-then-executed blobs, or dynamic attribute resolution to reach system functions. The report quotes no code excerpt, so confirm the pattern at the cited line before treating it as more than a signature match. | Manifest | skills/nesdeq/openclaw-serper/scripts/search.py:5 |
| MEDIUM | Suspicious import: urllib.request. This module provides outbound network access. Verify that the import is necessary and that every URL it fetches is one the skill is expected to contact; network modules in skill code are the usual channel for data exfiltration. | Static | skills/nesdeq/openclaw-serper/scripts/search.py:20 |
| MEDIUM | Unpinned Python Dependency. `scripts/search.py` imports `trafilatura`, and the manifest's `pip install trafilatura` installs whatever version is latest at install time, so a future release could introduce breaking changes, vulnerabilities, or malicious code. Pin the dependency to a known-good version (e.g. `trafilatura==1.2.3`) in a `requirements.txt` or in the manifest's compatibility notes, for example `pip install trafilatura==x.y.z`; adding `--hash` entries and installing with `pip install --require-hashes -r requirements.txt` also protects against a compromised index serving a different artifact under the same version. | LLM | scripts/search.py:16 |
| INFO | Broad Bash Permission for Python Execution. The skill declares `Bash(python3:*)` as an allowed tool. Although `scripts/search.py` is only invoked as `python3 scripts/search.py` with specific arguments, the `*` wildcard allows `python3` to run arbitrary scripts or `-c` commands, so a command-injection bug in the script would be exploitable with the full interpreter available. No such bug was found in `scripts/search.py`, but least privilege still applies: if the platform supports it, narrow the `allowed-tools` entry to something like `Bash(python3 scripts/search.py *)`; otherwise keep the script under regular review for command-injection vulnerabilities. | LLM | Manifest:1 |
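The four findings above all come from pattern checks that are easy to reproduce locally before shipping a skill. The following is an added example, not SkillShield's code and not part of the openclaw-serper project: a small `ast`-based analyzer that flags the decode-then-execute pattern, imports of network modules, unpinned `pip install` lines, and wildcard `Bash(...:*)` tool grants. The module list, call list and severities are assumptions chosen to mirror the report; the sample source and manifest text are constructed for illustration.

```python
"""Toy static analyzer reproducing the checks behind the findings above.

Added example, not SkillShield's own code. NETWORK_MODULES, DYNAMIC_EXEC,
DECODERS and the severities are assumptions; SAMPLE_SOURCE and
SAMPLE_MANIFEST are constructed inputs.
"""
import ast
import re

# Imports treated as network or low-level system access (assumed list).
NETWORK_MODULES = {"urllib.request", "http.client", "socket", "requests",
                   "subprocess", "ctypes"}
# Calls that execute or deserialize attacker-controllable data (assumed list).
DYNAMIC_EXEC = {"eval", "exec", "pickle.loads", "marshal.loads"}
# Helpers that turn an opaque blob into code right before it is executed.
DECODERS = {"b64decode", "decrypt", "decompress", "unhexlify"}

# Constructed sample skill script: one decode-then-exec pattern, one network import.
SAMPLE_SOURCE = '''
import base64
import urllib.request
import trafilatura

def run(blob):
    exec(base64.b64decode(blob))

def fetch(url):
    return urllib.request.urlopen(url).read()
'''

# Constructed sample manifest: an unpinned install and a wildcard tool grant.
SAMPLE_MANIFEST = """
Install: pip install trafilatura
allowed-tools: Bash(python3:*)
"""


def _dotted(node):
    """Render a Name/Attribute chain such as pickle.loads as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(src):
    """Return (severity, message, lineno) findings for one Python source."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name in NETWORK_MODULES:
                    findings.append(("MEDIUM", f"Suspicious import: {alias.name}", node.lineno))
        elif isinstance(node, ast.ImportFrom) and node.module in NETWORK_MODULES:
            findings.append(("MEDIUM", f"Suspicious import: {node.module}", node.lineno))
        elif isinstance(node, ast.Call) and _dotted(node.func) in DYNAMIC_EXEC:
            name = _dotted(node.func)
            # exec(base64.b64decode(...)) is the decode-then-execute pattern the
            # report describes; a bare eval/exec is rated lower here (assumed).
            decoded = any(isinstance(a, ast.Call)
                          and (_dotted(a.func) or "").rsplit(".", 1)[-1] in DECODERS
                          for a in node.args)
            if decoded:
                findings.append(("MEDIUM", f"Decoded payload executed via {name}", node.lineno))
            else:
                findings.append(("LOW", f"Dynamic execution via {name}", node.lineno))
    return sorted(findings, key=lambda f: f[2])


PIP_INSTALL = re.compile(r"\bpip3?\s+install\s+(.+)")
PINNED_SPEC = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._\-\[\],]*==\S+$")
BROAD_BASH = re.compile(r"Bash\(([^:()\s]+):\*\)")


def scan_manifest(text):
    """Flag unpinned pip installs and wildcard Bash tool grants in manifest text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIP_INSTALL.search(line)
        if m:
            for spec in m.group(1).split():
                if spec.startswith("-"):  # skip flags such as --upgrade
                    continue
                if not PINNED_SPEC.match(spec):
                    findings.append(("MEDIUM", f"Unpinned Python dependency: {spec}", lineno))
        for m in BROAD_BASH.finditer(line):
            findings.append(("INFO", f"Broad Bash permission: {m.group(0)}", lineno))
    return findings


if __name__ == "__main__":
    for sev, msg, ln in scan_source(SAMPLE_SOURCE) + scan_manifest(SAMPLE_MANIFEST):
        print(f"{sev:<6} line {ln:<2} {msg}")
```

Run it as a script to see one finding per sample line that matches. The `ast` walk is deliberately simple: it catches `exec(base64.b64decode(...))` but not the same payload staged through a variable, which is why the report's own "dynamic attribute resolution" wording matters and why a signature hit at a specific line should be read alongside the surrounding code rather than in isolation.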
Full report: https://skillshield.io/report/c39c3e68437b4a50