Trust Assessment
portainer received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 1 critical, 1 high, 3 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Unpinned npm dependency version", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct Docker API Access via `execute_docker_command`.** The `execute_docker_command` function allows arbitrary Docker API requests to be proxied through Portainer. This grants an attacker (via prompt injection or malicious input) direct control over the underlying Docker daemon, enabling actions such as creating privileged containers, executing commands on the host, or exfiltrating sensitive data from the Docker environment. This is a severe command injection and privilege escalation risk. Remove or severely restrict the `execute_docker_command` function. If direct Docker API access is absolutely necessary, implement strict input validation and whitelisting for `path`, `method`, and `payload` to prevent arbitrary command execution. Consider using a more granular Portainer API for specific, safe operations instead of a generic proxy. | LLM | scripts/portainer_manager.py:120 |
| HIGH | **Insecure TLS/SSL Verification (`verify=False`).** All HTTP requests made by the skill disable SSL/TLS certificate verification (`verify=False`). This makes the communication with the Portainer API vulnerable to Man-in-the-Middle (MitM) attacks. An attacker could intercept and modify API requests and responses, potentially stealing the Portainer API key, injecting malicious commands, or exfiltrating sensitive data without detection. Enable SSL/TLS certificate verification by removing `verify=False` from all `requests` calls. Ensure the Portainer API endpoint uses valid, trusted certificates. If self-signed certificates are used in a controlled environment, configure `requests` to trust a specific CA bundle rather than disabling verification entirely. | LLM | scripts/portainer_manager.py:15 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/leventsoft/portainer-skill-openclaw/scripts/portainer_manager.py:3 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'requests' is not pinned to an exact version ('^2.31.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/leventsoft/portainer-skill-openclaw/package.json |
| MEDIUM | **Potential Sensitive Data Exposure via `inspect_stack`.** The `inspect_stack` function attempts to fetch and return the `StackFileContent`. If Docker Compose files contain sensitive information (e.g., environment variables with secrets, database credentials), this function could inadvertently expose that data to the user or a malicious actor if the skill's output is not properly handled or if the skill is prompted to inspect a specific stack. Review whether `StackFileContent` should always be returned. Consider redacting sensitive information from the stack file content before returning it, or provide an option to exclude it. Ensure that access to `inspect_stack` is appropriately controlled and that users are aware of the potential for sensitive data exposure. | LLM | scripts/portainer_manager.py:60 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/leventsoft/portainer-skill-openclaw/package.json |