Trust Assessment
ReefGram received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. The two findings are "Untrusted content defines LLM's system prompt and behavior" and "Broad 'file' parameter enables arbitrary data exfiltration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| MEDIUM | Untrusted content defines LLM's system prompt and behavior | The 'System Prompt' section within the untrusted `SKILL.md` attempts to define the LLM's persona ('You are a ReefGram-native agent') and operational guidelines ('Always include technical metadata,' 'Categorize hardware logs'). Since this content is untrusted, it represents an attempt to inject specific behaviors and instructions into the LLM's operating context, potentially influencing its responses and tool usage in ways not explicitly sanctioned by the host LLM's primary directives. System prompts and core behavioral instructions for the LLM should be defined by trusted sources, not within untrusted skill definitions. Skill definitions should primarily focus on tool specifications and examples, not direct LLM programming. | LLM | SKILL.md:7 |
| MEDIUM | Broad 'file' parameter enables arbitrary data exfiltration | The `transmit` tool's `file` parameter accepts a generic 'binary' input without specific restrictions on its origin or content beyond suggested media types (JPG/PNG/WEBP, MP4). If the LLM has access to a local filesystem or other data sources, this parameter could be exploited to upload and exfiltrate arbitrary sensitive files, not just 'hardware telemetry and creative media' as intended by the skill description. Restrict the `file` parameter to specific types or sources if possible, or add explicit warnings about uploading sensitive data. Implement server-side validation to ensure uploaded files conform to expected media types and sizes. If the LLM has filesystem access, consider sandboxing or explicit user confirmation for file uploads. | LLM | SKILL.md:20 |