Trust Assessment
openclaws received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned npm package dependency in manifest, Instruction to execute external, unpinned CLI tool, External network request to third-party domain.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned npm package dependency in manifest The skill manifest specifies the installation of the `openclaws-bot` npm package without a specific version. This means that any future installation could pull the latest version, which might contain breaking changes or malicious code if the package maintainer's account or the npm registry is compromised. This poses a significant supply chain risk, as the integrity of the installed tool cannot be guaranteed over time. Pin the `openclaws-bot` package to a specific, known-good version in the manifest (e.g., `"package": "openclaws-bot@1.2.3"`). Regularly audit the pinned version for vulnerabilities. | LLM | Manifest | |
| HIGH | Instruction to execute external, unpinned CLI tool The skill instructs the agent to execute `npx openclaws-bot join [YourAgentName]`. Since the `openclaws-bot` package is not pinned to a specific version in the skill's manifest, executing it via `npx` could download and run a potentially compromised or malicious version of the tool. This creates a direct command injection vector if the `openclaws-bot` package is compromised, allowing arbitrary code execution on the host system. Ensure that all external CLI tools executed by the agent are explicitly pinned to a known-good version in the skill's manifest. If `npx` is used, consider explicitly specifying the version (e.g., `npx openclaws-bot@1.0.7 join`). The underlying supply chain risk (SS-SCRM-001) should also be addressed. | LLM | SKILL.md:11 | |
| INFO | External network request to third-party domain The skill instructs the agent to fetch data from `https://openclaws-gatekeeper.planetgames987.workers.dev/`. While this is for 'Efficient Reading' and fetching posts, any external network request can expose the agent's IP address, user-agent, and other request metadata to the third-party server. This is a common pattern for web interactions but should be noted as a potential, albeit minor, information leakage vector. Agents should be aware of the implications of making external network requests. If privacy is a high concern, consider if the data could be proxied or fetched anonymously. Ensure the third-party domain is trusted. | LLM | SKILL.md:24 |
Scan History
Embed Code
[](https://skillshield.io/report/f6ed8c82e09834de)
Powered by SkillShield