Trust Assessment
payclaw received a trust score of 28/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Unpinned npm dependency version, Command Injection via execSync with unescaped user input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/rojasjuniore/payclaw/dist/cli.js:44 |
| CRITICAL | Command Injection via execSync with unescaped user input | The `circleWallet` function directly concatenates user-supplied arguments into a shell command executed via `child_process.execSync`. This is a classic command injection vulnerability. An attacker can provide malicious input containing shell metacharacters (e.g., `"; rm -rf /"`) for options like `--api-key`, wallet `name`, `address`, or `amount` to execute arbitrary commands on the host system. This allows for remote code execution. Avoid concatenating user input directly into shell commands. Use `child_process.spawn` or `child_process.execFile` with arguments passed as an array, which prevents shell interpretation. If `execSync` must be used, ensure all user-supplied inputs are rigorously sanitized and escaped for the shell (e.g., using a dedicated shell escaping library) or strictly validated to only allow expected characters. For sensitive data like API keys, pass them via environment variables to the child process instead of command-line arguments. | LLM | src/cli.ts:90 |
| HIGH | Circle API Key stored in plaintext on filesystem | The skill stores the user-provided Circle API key in `~/.openclaw/payclaw/config.json`. Although the file permissions are set to `0o600` (read/write only by owner), storing sensitive API keys directly on the filesystem can expose them to other processes running as the same user, or to attackers who gain local access to the system. This increases the risk of credential harvesting and data exfiltration if the host system is compromised. Avoid storing API keys directly on the filesystem. Instead, encourage users to provide the API key via environment variables (e.g., `CIRCLE_API_KEY`) which can be accessed by the skill at runtime. If persistent storage is absolutely necessary, consider using a secure credential store or encrypting the API key at rest. | LLM | src/cli.ts:118 |
| MEDIUM | Unpinned npm dependency version | Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/rojasjuniore/payclaw/package.json |