Trust Assessment
orchestrator received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are that the agent is instructed to use `exec` for script execution, and that it is granted broad code execution and tool access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Agent instructed to use `exec` for script execution | The skill explicitly instructs the orchestrator agent to use `exec` for manipulating files or running scripts. This capability allows arbitrary command execution, posing a significant command injection risk if the agent processes untrusted input. An attacker could craft input that leads to the execution of malicious commands on the host system. | Remove or strictly limit the agent's ability to use `exec` directly. Instead, provide specific, sandboxed tools for file manipulation or script execution with predefined, limited functionality. If `exec` is absolutely necessary, ensure all inputs are strictly validated and sanitized, and that execution occurs within a highly constrained environment (e.g., a container or chroot jail). | LLM | SKILL.md:24 |
| HIGH | Broad code execution and tool access granted | The orchestrator skill is instructed to use `pi` (coding-agent skill) and `mcporter` for 'external MCP tools' and to 'manipulate files or run scripts'. The `coding-agent` typically provides broad code execution capabilities, and `mcporter` can invoke a wide range of external tools. This grants the agent excessive permissions, enabling it to potentially read, write, or delete arbitrary files, execute arbitrary code, or interact with external systems without sufficient constraints. This broad access increases the attack surface for data exfiltration, system compromise, or unauthorized actions. | Apply the principle of least privilege. Restrict the `coding-agent` and `mcporter` capabilities to a highly sandboxed environment with the minimum necessary permissions. Define specific, narrow-scope tools for file operations or script execution rather than granting general `pi` or `mcporter` access. Carefully review and limit the set of 'external MCP tools' that `mcporter` can invoke. | LLM | SKILL.md:24 |
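Both findings recommend the same fix: replace a general `exec` capability with narrow, predefined tools that validate their arguments and never hand agent-chosen text to a shell. The following Python is an added illustration of that fix and is not code from the orchestrator skill, from `pi`, from `mcporter`, or from SkillShield. It contrasts the flagged pattern (an agent-supplied command line passed to a shell) with a least-privilege replacement: an allowlist of argv templates, no shell, argument validation, confinement to a workspace directory, a timeout, and a minimal environment. The tool names, the workspace location, and the sample file are assumptions made for the example.

```python
"""Added example: the exec-for-scripts pattern flagged above, beside a
least-privilege replacement. Tool names, workspace and sample inputs are
assumptions for illustration, not the orchestrator skill's real tooling."""
import re
import subprocess
import tempfile
from pathlib import Path

# --- The flagged pattern --------------------------------------------------
def exec_unsafe(command_line: str) -> str:
    """Agent-chosen text handed to a shell verbatim (what `exec` amounts to).

    Any shell metacharacter in the text (";", "|", "$(...)", backticks) is
    interpreted, so a prompt-injected string becomes an extra command.
    """
    proc = subprocess.run(command_line, shell=True, capture_output=True,
                          text=True, timeout=5)
    return proc.stdout


# --- Least-privilege replacement -----------------------------------------
# Assumed workspace: a fresh temp directory so the example runs anywhere.
WORKSPACE = Path(tempfile.mkdtemp(prefix="orchestrator-ws-")).resolve()

# Fixed argv templates. The agent may pick a tool name and one path argument;
# it never supplies flags, binaries, or a command line.
ALLOWED_TOOLS = {
    "count_lines": ["wc", "-l"],
    "list_dir": ["ls", "-1"],
}

# Conservative argument grammar: no whitespace, quotes, or shell metacharacters.
SAFE_ARG = re.compile(r"[A-Za-z0-9._/-]{1,255}")


class ToolError(ValueError):
    """Raised for any argument or tool the policy does not permit."""


def _validate_path(arg: str) -> Path:
    """Accept only well-formed, non-option-like paths inside WORKSPACE."""
    if not SAFE_ARG.fullmatch(arg) or arg.startswith("-"):
        raise ToolError(f"rejected argument: {arg!r}")
    target = (WORKSPACE / arg).resolve()  # resolve() collapses ../ and symlinks
    if target != WORKSPACE and WORKSPACE not in target.parents:
        raise ToolError(f"path escapes workspace: {arg!r}")
    return target


def run_tool(tool: str, arg: str) -> str:
    """Run one allowlisted tool on one validated path, without a shell."""
    if tool not in ALLOWED_TOOLS:
        raise ToolError(f"unknown tool: {tool!r}")
    target = _validate_path(arg)
    argv = [*ALLOWED_TOOLS[tool], "--", str(target)]  # "--" ends option parsing
    proc = subprocess.run(
        argv,
        shell=False,               # argv is passed directly; no shell parsing
        capture_output=True,
        text=True,
        timeout=5,                 # bound runtime of anything the agent triggers
        cwd=WORKSPACE,
        env={"PATH": "/usr/bin:/bin"},  # drop the parent's secrets and env vars
    )
    if proc.returncode != 0:
        raise ToolError(proc.stderr.strip() or f"{tool} failed")
    return proc.stdout


def setup_workspace() -> Path:
    """Create a constructed sample file so the example is self-contained."""
    sample = WORKSPACE / "notes.txt"
    sample.write_text("first\nsecond\nthird\n")
    return sample


if __name__ == "__main__":
    setup_workspace()
    # Injection through the flagged pattern: two commands run, not one.
    print(exec_unsafe("echo hello; echo INJECTED"))
    # The replacement runs only what the template allows.
    print(run_tool("count_lines", "notes.txt"))
    for tool, arg in [("count_lines", "notes.txt; cat /etc/passwd"),
                      ("list_dir", "../"),
                      ("rm", "notes.txt")]:
        try:
            run_tool(tool, arg)
        except ToolError as err:
            print("blocked:", err)
```

The important design choice is that the agent never chooses a program or a flag, only a tool name and a path, and the path is checked after `resolve()` so `../` and symlink tricks are caught against the real location. Running under a container or chroot, as the finding suggests, is an additional layer on top of this, not a substitute for it.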
Full report: https://skillshield.io/report/4df9edeee3d0d7d8