Trust Assessment
polyclaw received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "API endpoint can be redirected via environment variable" and "Unescaped variables in JSON payload can lead to malformed JSON".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **API endpoint can be redirected via environment variable.** The `POLYCLAW_API_URL` environment variable allows an attacker to specify an arbitrary API endpoint. When the `register.sh` script is executed, it will send the `OPERATOR_API_KEY` and the full agent registration payload (including agent name, token symbol, and configuration) to this potentially malicious endpoint. This enables credential harvesting and data exfiltration. Remove the ability to override `POLYCLAW_API_URL` via an environment variable, or implement strict validation of the URL if it must be configurable. For production scripts, hardcode the API URL or use a secure configuration management system. | LLM | scripts/register.sh:37 |
| MEDIUM | **Unescaped variables in JSON payload can lead to malformed JSON.** String variables such as `AGENT_NAME`, `STRATEGY_DESCRIPTION`, and `PERSONALITY` are directly interpolated into a JSON payload within a heredoc without proper escaping. If these variables contain double quotes (`"`) or other JSON-breaking characters, the resulting JSON will be malformed. This can lead to API request failures, unexpected server-side parsing behavior, or potentially bypass input validation if the server attempts to 'fix' malformed JSON. While direct shell command injection is unlikely in this specific heredoc context, malformed JSON can still be a vulnerability. Before interpolating string variables into the JSON payload, ensure they are properly JSON-escaped. This can be done using `jq -Rsa .` or a similar utility to escape the string content. For example, `AGENT_NAME_ESCAPED=$(jq -Rsa . <<< "$AGENT_NAME")`. | LLM | scripts/register.sh:110 |