Trust Assessment
openclaw-skill-observability received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include Missing required field: name, Node lockfile missing, Potential Command Injection via `exec` with interpolated arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via `exec` with interpolated arguments The `getSessions` function constructs a shell command using string interpolation for the `limit` parameter: `openclaw sessions list --json --limit ${limit}`. While the `limit` variable is currently derived from hardcoded integer values (100 or 50) within the skill, this pattern is highly vulnerable to command injection if `limit` were ever to be sourced from untrusted user input. An attacker could inject malicious shell commands by providing a specially crafted `limit` value (e.g., `50; rm -rf /`). This is a critical security anti-pattern that should be avoided. Avoid constructing shell commands with string interpolation of any dynamic input. If `limit` must be dynamic, ensure it is strictly validated (e.g., cast to integer) and ideally passed as a separate argument to `child_process.spawn` or `execFile` to prevent shell interpretation. For `openclaw` CLI, consider if there's an API or a safer way to interact than shelling out. | LLM | index.mjs:30 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/erain/openclaw-skill-observability/SKILL.md:1 | |
| MEDIUM | Direct shell command execution using `child_process.exec` The skill directly uses `child_process.exec` to run shell commands (`openclaw sessions list` and `journalctl`). This grants the skill broad capabilities to execute arbitrary commands on the host system. While the current commands are related to observability, the use of `exec` is a powerful primitive that bypasses typical sandboxing and could be exploited if the skill's code is compromised or if future modifications introduce vulnerabilities. This represents an excessive permission for a skill, as it can interact with the underlying operating system beyond its intended scope. Re-evaluate the necessity of direct shell execution. If interaction with `openclaw` or system logs is required, explore safer alternatives such as dedicated APIs, more restricted `child_process` methods like `execFile` (which executes a command directly without a shell, making injection harder), or a more granular logging API if available. If `exec` is unavoidable, ensure all commands are hardcoded or inputs are rigorously validated and escaped. Implement strict sandboxing for skill execution environments. | LLM | index.mjs:1 | |
| MEDIUM | Exposure of system logs via `journalctl` The `get_recent_errors` function retrieves system logs using `journalctl --user -u openclaw-gateway`. While the output is filtered for error/warning keywords and limited to the last 10 unique lines, system logs can inadvertently contain sensitive information such as file paths, environment variables, partial API requests/responses, or internal system identifiers. Exposing even filtered system logs through a skill increases the risk of data exfiltration if sensitive data happens to appear in error messages. Review the contents of `openclaw-gateway` logs to ensure no sensitive information is ever logged. If sensitive data might appear, consider redacting it before returning the logs, or provide a more abstract summary of errors rather than raw log lines. Implement strict access controls and data sanitization for any data retrieved from system-level sources. | LLM | index.mjs:100 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/erain/openclaw-skill-observability/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/b43e02e3cf3a0ee2)
Powered by SkillShield