Trust Assessment
parallel-task-executor received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Skill allows arbitrary shell command execution, Skill requests broad system access including file, network, and command execution, Skill capabilities enable potential data exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill allows arbitrary shell command execution The skill explicitly lists '命令执行' (Command execution) as a core capability, specifically mentioning 'Shell 命令' (Shell commands) and '脚本执行' (Script execution). This allows an attacker to execute arbitrary commands on the host system if they can control the input to the skill's command execution function, leading to potential system compromise. Implement strict input validation and sanitization for all commands. Avoid direct execution of arbitrary shell commands. If shell execution is absolutely necessary, use a highly restricted sandbox environment (e.g., chroot, containers, seccomp filters) and whitelist allowed commands and arguments. Consider using safer, purpose-built APIs instead of direct shell access. | LLM | SKILL.md:70 | |
| HIGH | Skill requests broad system access including file, network, and command execution The skill's described capabilities include extensive '文件操作' (file operations like create, delete, move, rename, download, upload), '网络请求' (HTTP requests, API calls, database queries), and '命令执行' (shell commands, script execution). This combination grants the skill very broad access to the host system's filesystem, network, and command execution environment. Without stringent sandboxing and access controls, this poses a significant security risk, enabling unauthorized actions. Implement a robust sandboxing mechanism for skill execution. Restrict file system access to only necessary directories. Limit network access to specific domains or protocols. Implement a strict allowlist for executable commands and arguments, rather than allowing arbitrary shell execution. | LLM | SKILL.md:64 | |
| HIGH | Skill capabilities enable potential data exfiltration The skill's ability to perform '文件操作' (specifically '下载/上传文件') and '网络请求' (HTTP requests, API calls) combined with '命令执行' (shell commands) creates a direct vector for data exfiltration. A malicious command or manipulated input could instruct the skill to read sensitive files from the system and transmit them to an external server via HTTP/API calls or upload them to an attacker-controlled location. The mention of `~/.openclaw/openclaw.json` also indicates potential access to user configuration files. Implement strict data egress policies. Monitor all outbound network connections initiated by the skill. Restrict file upload/download functionalities to trusted endpoints or specific, non-sensitive directories. Ensure that any file access is subject to user consent or strict policy enforcement. Prevent the skill from accessing sensitive user configuration files or environment variables unless explicitly required and approved. | LLM | SKILL.md:67 |
Scan History
Embed Code
[](https://skillshield.io/report/a8a490954c2524a6)
Powered by SkillShield