Trust Assessment
raglite received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Command Injection via untrusted arguments in plugin entrypoint, Unpinned dependencies in install script.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/virajsanghvi1/raglite/SKILL.md:54 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/virajsanghvi1/raglite/SKILL.md:63 | |
| CRITICAL | Command Injection via untrusted arguments in plugin entrypoint The `openclaw.plugin.json` defines an entrypoint that executes a shell script using `bash -lc "${SKILL_DIR}/scripts/raglite.sh $@"`. The `$@` within the string passed to `bash -lc` is vulnerable to shell metacharacter injection. If an attacker provides arguments containing shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`), these will be interpreted and executed by the shell, leading to arbitrary command execution. Avoid using `bash -lc` with unquoted `$@` for user-controlled input. Instead, pass arguments as separate elements to the command or use a safer execution method that prevents shell interpretation. For example, use `"command": ["bash", "-lc", "exec \"$0\" \"$@\"", "${SKILL_DIR}/scripts/raglite.sh", "--"]` to ensure arguments are treated as literal strings by the inner shell. | LLM | scripts/openclaw.plugin.json:10 | |
| HIGH | Unpinned dependencies in install script The `install.sh` script uses `pip install --upgrade raglite-chromadb` and `pip install --upgrade pip setuptools wheel` without specifying exact versions. This introduces a supply chain risk where future installations could pull in new, potentially breaking, or even malicious versions of these packages if their maintainers' accounts are compromised or a typosquatting attack occurs. This lack of pinning makes the skill vulnerable to unexpected changes or security vulnerabilities introduced in newer versions. Pin all dependencies to specific, known-good versions (e.g., `raglite-chromadb==1.0.8`). It is best practice to use a `requirements.txt` file with pinned versions and install from that file. | LLM | scripts/install.sh:18 |
Scan History
Embed Code
[](https://skillshield.io/report/12d892b268bc7161)
Powered by SkillShield