Trust Assessment
openclaw-social-scheduler received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 1 critical, 1 high, 3 medium, and 1 low severity. Key findings include "Missing required field: name", "Unpinned npm dependency version", and "Arbitrary File Read via Unsanitized Config Path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 46/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary File Read via Unsanitized Config Path** The skill allows reading arbitrary files from the filesystem by passing a controlled path as the 'config' argument to `scripts/post.js`, `scripts/thread.js`, and `scripts/upload-media.js`. The `fs.readFileSync` and `fs.readFile` calls do not sanitize or validate the `config` or `configPath` argument, which is taken directly from `process.argv`. An attacker controlling this argument could read sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) from the system. Implement strict validation for file paths passed as arguments. Only allow reading from a predefined, secure directory (e.g., `.credentials/`). Alternatively, require credentials to be passed via environment variables or a secure secrets management system, rather than file paths or direct command-line arguments. | LLM | scripts/post.js:28 |
| HIGH | **Unencrypted Storage of Sensitive Credentials on Disk** The `scripts/queue.js` module stores the entire `config` object, which contains sensitive credentials (e.g., API keys, access tokens, passwords for Twitter, Reddit, Mastodon, Bluesky, Moltbook), unencrypted in the `storage/queue.json` file. Any entity with read access to the filesystem can easily retrieve these credentials, leading to full account compromise on the integrated social media platforms. Do not store sensitive credentials directly on disk. Instead, use environment variables, a secure secrets management service, or prompt the user for credentials at runtime. If persistent storage is absolutely necessary, encrypt the sensitive parts of the configuration using a strong encryption mechanism and a securely managed key. | LLM | scripts/queue.js:40 |
| MEDIUM | **Missing required field: name** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/mrshorrid/openclaw-social-scheduler/SKILL.md:1 |
| MEDIUM | **Unpinned npm dependency version** Dependency '@atproto/api' is not pinned to an exact version ('^0.18.20'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/mrshorrid/openclaw-social-scheduler/package.json |
| MEDIUM | **Outdated and Vulnerable `node-fetch` Dependency** The `package.json` specifies `node-fetch: ^2.6.1`. `node-fetch` version 2.x is no longer maintained and has known security vulnerabilities (e.g., CVE-2022-0235, CVE-2022-0236). Using outdated dependencies can expose the skill to known exploits. Update `node-fetch` to a currently maintained version (e.g., `^3.0.0` or later) or replace it with a more secure and actively maintained HTTP client library. Ensure all other dependencies are kept up-to-date to mitigate known vulnerabilities. | LLM | package.json:30 |
| LOW | **Insecure Credential Handling in CLI Examples** The `SKILL.md` documentation provides examples that demonstrate passing sensitive credentials (e.g., Discord webhook URLs, Moltbook API keys) directly as command-line arguments. This practice is insecure because command-line arguments can be visible in system process lists (`ps aux`) and stored in shell history files, making them vulnerable to exposure. Update documentation examples to recommend more secure methods for handling credentials, such as using environment variables (e.g., `process.env.DISCORD_WEBHOOK`) or prompting for input, rather than passing them directly on the command line. | LLM | SKILL.md:30 |
Full report: https://skillshield.io/report/833a7fc15df5036c