Trust Assessment
raini-skill-audit received a trust score of 47/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 0 high, 3 medium, and 1 low severity. Key findings include "File read + network send exfiltration", "Missing required field: name", and "Sensitive path access: Environment file".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration | .env file access | Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/0xraini/raini-skill-audit/SKILL.md:35 |
| MEDIUM | Missing required field: name | The 'name' field is required for claude_code skills but is missing from frontmatter. | Add a 'name' field to the SKILL.md frontmatter. | Static | skills/0xraini/raini-skill-audit/SKILL.md:1 |
| MEDIUM | Sensitive path access: Environment file | Access to Environment file path detected: '~/.env'. This may indicate credential theft. | Verify that access to this sensitive path is justified and declared. | Static | skills/0xraini/raini-skill-audit/SKILL.md:35 |
| MEDIUM | Arbitrary directory scanning capability | The `scanDirectory` function in `src/audit.js` accepts an arbitrary path as input and recursively reads all files within it. There is no internal validation to restrict the scanning scope to only skill-related directories (e.g., `~/.openclaw/workspace/skills/`). This allows the skill to be instructed by the agent to read files from any location on the filesystem, including sensitive system directories or user home directories, which is an excessive permission for a skill whose stated purpose is to audit other skills. While the skill itself does not exfiltrate data, this broad access could be leveraged in a multi-stage attack to locate sensitive information. | Implement input validation for the `dir` argument in `scanDirectory` to ensure it only operates within a predefined set of safe directories (e.g., `~/.openclaw/workspace/skills/` or explicitly whitelisted paths). Alternatively, the agent calling the skill should be responsible for providing only safe, sandboxed paths. | LLM | src/audit.js:79 |
| LOW | Node lockfile missing | package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). | Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/0xraini/raini-skill-audit/package.json |
Full report: https://skillshield.io/report/2eec18109c1e95d7