Security Audit

paying-with-locus

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

paying-with-locus received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unverified Remote Code Execution via Skill Installation, Unverified Remote Code Execution via Skill Update/Heartbeat.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Shell Execution

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Unverified Remote Code Execution via Skill Installation The skill instructs the agent to download and install multiple skill-related files directly from 'https://paywithlocus.com' using `curl`. There is no cryptographic verification (e.g., checksums, PGP signatures) for these downloaded files. If 'paywithlocus.com' were compromised, an attacker could serve malicious skill files, leading to arbitrary code execution or other attacks when the agent attempts to 'install locally' or 'check for updates'. This represents a significant supply chain risk, as the integrity of the skill's components cannot be guaranteed. Implement cryptographic verification for all downloaded skill files. This could involve providing SHA256 hashes for each file that the agent can verify after download, or using a trusted package manager that handles integrity checks. Alternatively, bundle all necessary skill files within the skill package itself rather than relying on external downloads at runtime.	LLM	skill.md:20
HIGH	Unverified Remote Code Execution via Skill Update/Heartbeat The skill explicitly instructs the agent to 'Re-fetch these files anytime to see new features!' and to 'Fetch and follow https://paywithlocus.com/heartbeat.md' as part of its periodic routine. Similar to the initial installation, these instructions involve downloading content from an external domain ('https://paywithlocus.com') without any integrity checks. This continuous reliance on unverified remote content for updates and operational routines amplifies the supply chain risk, making the agent vulnerable to malicious updates if the source domain is compromised. All skill updates and dynamic content fetching should incorporate robust integrity checks. Provide cryptographic hashes for all files, or use a secure update mechanism that verifies the authenticity and integrity of new versions before they are applied. Avoid instructing the agent to blindly 'follow' external URLs for operational logic without verification.	LLM	skill.md:140

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/81a6fdfdfab97e10.svg)](https://skillshield.io/report/81a6fdfdfab97e10)