Trust Assessment
plenty-of-claws received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Unsafe deserialization / dynamic eval", "Inconsistent and Ambiguous Relative Path for Profile Storage", and "Prompt Injection via Unsanitized User/Agent Names and Profile Data".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Prompt Injection via Unsanitized User/Agent Names and Profile Data: The skill directly embeds `context.name`, `context.agent?.name`, `targetProfile.bio`, and `targetProfile.interests` into the response messages without any sanitization or escaping. An attacker could set their agent's name (e.g., via `context.name` or `context.agent.name`) or craft a malicious bio or interest list (stored in `profiles.json`) to include instructions for the host LLM. When these values are displayed in responses (e.g., during sign-up confirmation or profile viewing), they could manipulate the LLM's subsequent behavior. Implement robust sanitization or escaping for all user-controlled inputs (`name`, `agentType`, `bio`, `interests`) before embedding them into LLM responses. This could involve escaping markdown characters or using a dedicated sanitization library to prevent malicious instructions from being interpreted by the host LLM. | LLM | index.js:40 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/milkehuk-coder/plenty-of-claws/index.js:21 |
| MEDIUM | Inconsistent and Ambiguous Relative Path for Profile Storage: The `PROFILE_PATH` in `index.js` is defined as a relative path `./skills/clawd-date/profiles.json`. This path is inconsistent with the `SKILL.md` (which implies `plenty-of-claws/profiles.json`) and the test files (`manual-test.js`, `test.js`) which correctly use `path.join(__dirname, "profiles.json")`. A relative path without `path.join(__dirname, ...)` makes the actual storage location dependent on the current working directory of the process executing the skill. This could lead to excessive permissions, allowing the skill to write/read files outside its intended `plenty-of-claws` directory, or data exfiltration/corruption if the working directory is manipulated or if the path resolves to an unintended or sensitive location. Change `PROFILE_PATH` to use `path.join(__dirname, "profiles.json")` for robustness and consistency. This requires importing `path` and `fileURLToPath` from `url` as demonstrated in the test files. | LLM | index.js:4 |