Security Audit

oracle

github.com/openclaw/openclaw

AI SkillCommit b62bd290cb4e

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

oracle received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unpinned dependency in skill manifest, Skill enables broad local filesystem access for external transmission.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Unpinned dependency in skill manifest The skill manifest specifies the `@steipete/oracle` package without a version constraint. This means that during installation, the latest version will be fetched. If a malicious update is pushed to this package, or if the package maintainer's account is compromised, the installed skill could contain arbitrary malicious code. This poses a significant supply chain risk. Pin the dependency to a specific version (e.g., `"@steipete/oracle": "1.2.3"`) or a version range with a lower bound (e.g., `"@steipete/oracle": "^1.2.3"`) to ensure consistent and secure installations.	LLM	SKILL.md
MEDIUM	Skill enables broad local filesystem access for external transmission The skill instructs the user to utilize the `oracle` CLI tool, which is designed to read and bundle arbitrary local files and directories (e.g., `src/**`) for transmission to an external LLM. While the skill provides explicit warnings about not attaching secrets and mechanisms for file exclusion, the fundamental capability granted to the `oracle` tool involves broad filesystem access and the potential for data exfiltration if not used carefully by the end-user. The skill's core functionality relies on this broad access. Users should be made explicitly aware of the data transmission implications and the need for careful file selection and redaction. The skill could further emphasize best practices for securing sensitive data, perhaps by recommending a review step before transmission or by suggesting more stringent default exclusion patterns for common sensitive files beyond what `oracle` already provides.	LLM	SKILL.md:45

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/45a565e5770f953b.svg)](https://skillshield.io/report/45a565e5770f953b)