Trust Assessment
raglite received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned Git dependency in install script, Command injection via unquoted arguments in plugin entrypoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/virajsanghvi1/raglite-library/SKILL.md:38 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/virajsanghvi1/raglite-library/SKILL.md:64 | |
| CRITICAL | Command injection via unquoted arguments in plugin entrypoint The `run` entrypoint in `openclaw.plugin.json` executes a shell command using `bash -lc "${SKILL_DIR}/scripts/raglite.sh $@"`. The `$@` within the quoted string is expanded directly by the `bash -lc` shell, allowing an attacker to inject arbitrary shell commands by providing arguments containing shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`). For example, an argument like `"; rm -rf /"` would execute `rm -rf /` after the `raglite.sh` script, leading to arbitrary code execution. The `command` array should pass arguments as separate elements to prevent shell expansion. Instead of `["bash", "-lc", "${SKILL_DIR}/scripts/raglite.sh $@"]`, it should be `["${SKILL_DIR}/scripts/raglite.sh", "$@"]` if the runtime supports expanding `$@` into multiple arguments. This ensures that each argument is treated as a distinct string and not subject to shell interpretation. If `bash -lc` is strictly required, then the arguments passed to the script must be properly escaped before being embedded into the single string for `bash -lc`. | LLM | scripts/openclaw.plugin.json:10 | |
| HIGH | Unpinned Git dependency in install script The skill installs the `raglite` package directly from the `main` branch of a GitHub repository (`git+https://github.com/VirajSanghvi1/raglite.git@main`). This means the skill's behavior can change if the upstream `main` branch is updated, potentially introducing vulnerabilities or malicious code without the skill maintainer's explicit review or version bump. It is best practice to pin dependencies to a specific commit hash or a version tag to ensure deterministic builds and prevent supply chain attacks. Pin the Git dependency to a specific commit hash or a version tag (e.g., `git+https://github.com/VirajSanghvi1/raglite.git@<commit_hash>` or `git+https://github.com/VirajSanghvi1/raglite.git@v1.2.3`). | LLM | scripts/install.sh:16 |
Scan History
Embed Code
[](https://skillshield.io/report/c6401bf8e28761c7)
Powered by SkillShield