Trust Assessment
phoenix-shield received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unpinned external dependency download" and "Unpinned dependency in example workflow".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned external dependency download: The skill instructs the user to download and install 'OpenClaw CLI' from 'https://openclawcli.vercel.app/'. The provided URL does not specify a version, meaning the user will always download the latest version available. This introduces a significant supply chain risk, as a malicious update to the 'openclawcli' binary could be pushed to this URL, potentially compromising the user's system upon installation. Best practice dictates providing versioned download links and/or cryptographic checksums for binaries to ensure integrity and allow users to pin to specific, verified versions. Recommendation: provide versioned download links (e.g., `https://openclawcli.vercel.app/openclawcli-v1.2.3.exe`) and/or cryptographic checksums (e.g., SHA256) for the downloaded binaries to allow users to verify integrity and pin to specific versions. | LLM | SKILL.md:7 |
| MEDIUM | Unpinned dependency in example workflow: The 'Safe OpenClaw Update' workflow example includes the command `npm install -g openclaw@latest`. Using `@latest` for package installation means that the exact version of the dependency is not pinned. This can lead to unexpected behavior, breaking changes, or the introduction of malicious code if a future version of `openclaw` is compromised or contains vulnerabilities. While this is an example, it demonstrates and encourages a risky practice. Best practice is to pin dependencies to specific versions (e.g., `openclaw@1.2.3`) to ensure reproducibility and security. Recommendation: modify the example to specify a pinned version for `openclaw`, e.g., `npm install -g openclaw@X.Y.Z`, or recommend using a lock file mechanism for managing dependencies. | LLM | SKILL.md:138 |
[Full SkillShield report](https://skillshield.io/report/d506ab8c989fc7a9)