Trust Assessment
relay-for-telegram received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Agent instructed to execute `clawhub install` command", "Agent instructed to execute `export` command", and "Agent instructed to perform shell commands, implying excessive permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Agent instructed to execute `clawhub install` command: the 'Agent Quickstart' section explicitly instructs the agent to run the shell command `clawhub install relay-for-telegram`. If the agent has shell execution capabilities, this lets it install software. The risk is supply-chain code execution rather than command injection in the strict sense: a compromised `clawhub` tool or package repository would lead to arbitrary code execution on the host. Avoid instructing the agent to execute shell commands for skill installation; rely on the platform's built-in skill management, or address the instruction to a human user. If shell execution is unavoidable, enforce strict sandboxing and an allowlist of commands and arguments. | LLM | SKILL.md:290 |
| HIGH | Agent instructed to perform shell commands, implying excessive permissions: the 'Agent Quickstart' section explicitly instructs the agent to run shell commands (`clawhub install` and `export`) for skill installation and API key configuration. This implies the agent is expected to have broad shell execution permissions, which is excessive for an LLM agent. Granting such permissions significantly increases the attack surface, allowing arbitrary code execution, system modification, or data exfiltration if the agent is compromised or manipulated. Design skills to operate within a more restricted environment and avoid instructing agents to execute arbitrary shell commands. Use platform-provided mechanisms for skill installation and secret management that do not require direct shell access by the agent. If shell access is absolutely necessary, implement a strict allowlist of commands and arguments and robust sandboxing. | LLM | SKILL.md:289 |
| MEDIUM | Agent instructed to execute `export` command: the 'Agent Quickstart' section explicitly instructs the agent to run `export RELAY_API_KEY="rl_live_xxx"`. If the agent has shell execution capabilities, this lets it set environment variables. While intended for a specific API key, it shows the agent is instructed to run shell commands, which could be exploited if the agent is manipulated into exporting malicious values or overwriting other sensitive environment variables, potentially leading to further command injection or data exfiltration. Avoid instructing the agent to execute shell commands for environment variable setup; rely on the platform's secure secrets management, or address the instruction to a human user. If shell execution is unavoidable, enforce strict sandboxing and an allowlist of commands and arguments. | LLM | SKILL.md:294 |
| MEDIUM | Skill instructs agent to install unpinned dependency: the instruction `clawhub install relay-for-telegram` in the 'Agent Quickstart' section does not specify a version for the `relay-for-telegram` skill, so the agent would install whatever version is latest at run time. This is a supply-chain risk: if a malicious update is pushed to the `clawhub` repository, the agent could unknowingly install compromised software, and even a benign update can change the skill's behavior unexpectedly. Always specify exact versions when instructing automated systems to install dependencies (e.g. `clawhub install relay-for-telegram==2.2.0`, using whatever version syntax `clawhub` accepts), and verify package integrity (e.g. checksums) where the tooling supports it. | LLM | SKILL.md:290 |
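The three patterns the findings describe (an install command in an agent-facing section, an `export` of a secret-looking variable, and a dependency with no version pin) are simple enough to check statically before a skill is published. The following is an added example, not SkillShield's scanner or any code from the relay-for-telegram skill: it walks a SKILL.md, tracks which heading each shell-fenced command sits under, and emits findings. The sample document, the rule ids, the list of installer commands and the severity choices are all assumptions made for the example; SkillShield's real rules and scoring are not published on this page.

```python
import re
from dataclasses import dataclass

FENCE = "`" * 3  # built at run time so the sample below contains no literal fence

# Constructed sample, not the real relay-for-telegram SKILL.md: an agent-facing
# quickstart mirroring the commands quoted in the report, plus a human-facing
# section with a pinned install for contrast.
SAMPLE_SKILL_MD = f"""# relay-for-telegram

## Agent Quickstart

Run these commands, then call the relay API:

{FENCE}bash
clawhub install relay-for-telegram
export RELAY_API_KEY="rl_live_xxx"
{FENCE}

## Setup (for humans)

Pin the version you tested and verify the archive checksum:

{FENCE}bash
clawhub install relay-for-telegram==2.2.0
sha256sum relay-for-telegram-2.2.0.tgz
{FENCE}
"""

# Assumed installer vocabulary; extend for the package managers your skills use.
INSTALLERS = r"(?:clawhub|pip3?|npm|npx|pnpm|yarn|cargo|brew|apt(?:-get)?|gem|go)"
INSTALL_RE = re.compile(rf"^(?:sudo\s+)?({INSTALLERS})\s+(?:install|add|get)\s+(.+)$")
# Common pin spellings: pip ==1.2, npm pkg@1.2 / pkg@v1.2, image:1.2
PINNED_RE = re.compile(r"(==|@v?\d|:\d)")
EXPORT_RE = re.compile(r"^export\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
SECRET_NAME_RE = re.compile(r"(KEY|TOKEN|SECRET|PASS(WORD)?|CREDENTIAL)", re.I)
SHELL_LANGS = {"", "bash", "sh", "shell", "zsh", "console"}


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    section: str
    line: int      # 1-based line number within the SKILL.md text
    command: str


def iter_shell_commands(text):
    """Yield (section, line_no, command) for each non-comment line inside a
    shell-tagged fenced block, tracking the nearest '#' heading above it."""
    section, in_fence, fence_is_shell = "(top)", False, False
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(FENCE):
            if not in_fence:
                in_fence = True
                fence_is_shell = line[len(FENCE):].strip().lower() in SHELL_LANGS
            else:
                in_fence = False
            continue
        if not in_fence and line.startswith("#"):
            section = line.lstrip("#").strip()
        elif in_fence and fence_is_shell and line and not line.startswith("#"):
            yield section, no, line


def scan_skill(text):
    """Apply the install / unpinned / export checks to every shell command.
    Commands under a heading mentioning 'agent' are treated as instructions
    the agent itself is expected to run, and are rated higher."""
    findings = []
    for section, no, cmd in iter_shell_commands(text):
        agent_facing = "agent" in section.lower()
        if m := INSTALL_RE.match(cmd):
            sev = "HIGH" if agent_facing else "LOW"
            findings.append(Finding(sev, "install-command", section, no, cmd))
            if not PINNED_RE.search(m.group(2)):
                findings.append(Finding("MEDIUM", "unpinned-dependency", section, no, cmd))
        elif m := EXPORT_RE.match(cmd):
            secret = bool(SECRET_NAME_RE.search(m.group(1)))
            sev = "MEDIUM" if agent_facing and secret else "LOW"
            findings.append(Finding(sev, "export-env", section, no, cmd))
        elif agent_facing:
            findings.append(Finding("LOW", "shell-command", section, no, cmd))
    return findings


def summarize(findings):
    """Count findings per severity, in the shape the report header uses."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_skill(SAMPLE_SKILL_MD)
    for f in results:
        print(f"{f.severity:6} {f.rule:20} SKILL.md:{f.line}  [{f.section}]  {f.command}")
    print(summarize(results))
```

On the sample, the agent-facing install line produces both an install-command and an unpinned-dependency finding, the `export` of `RELAY_API_KEY` is rated MEDIUM because the variable name looks like a secret, and the pinned install in the human-facing section is only noted at LOW. Checks like these run on the document text alone, so they belong in a pre-publish hook rather than only in a post-hoc report.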
Full report: https://skillshield.io/report/65cb8f0e08673392