Trust Assessment
openclaw-triage received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Symlink traversal allows reading/copying files outside intended workspace.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Symlink traversal allows reading/copying files outside intended workspace. The `collect_files` function, which is central to the skill's operation (e.g., for 'Full Investigation' and 'Evidence Collection'), uses `os.walk(ws)` to traverse the specified workspace. By default, `os.walk` follows symbolic links. If a malicious user provides a `--workspace` argument that contains symlinks pointing to sensitive system directories (e.g., `/etc`, `/root/.ssh`), the skill will follow these links. This allows the skill to read, hash, and potentially copy files from arbitrary locations on the filesystem into its output or evidence collection directory, effectively bypassing the intended workspace boundary and leading to data exfiltration. Remediation: modify the `collect_files` function to prevent symlink traversal outside the workspace. This can be achieved by using `os.walk(ws, followlinks=False)` or by explicitly checking if a path is a symbolic link and ensuring its canonicalized target remains within the workspace boundary before processing. | LLM | scripts/triage.py:100 |
Full report: https://skillshield.io/report/12ce67288925ba65
Powered by SkillShield