Trust Assessment
research-skill4455 received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Command Injection via User Input", and "Supply Chain Risk: Unpinned Dependency Execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via User Input. The skill's workflow directly interpolates user-provided input ('{question}') into a shell command without proper sanitization or escaping. This allows an attacker to inject arbitrary shell commands, leading to remote code execution, data exfiltration, or system compromise. Avoid direct interpolation of user input into shell commands. If shell execution is unavoidable, use a robust escaping mechanism for the user input (e.g., `shlex.quote` in Python) or pass the input via environment variables or temporary files instead of command-line arguments. | LLM | SKILL.md:15 |
| CRITICAL | Supply Chain Risk: Unpinned Dependency Execution. The `setup.sh` script installs and executes scripts from the `secure-sync` package using `clawhub install secure-sync --force`. Since no specific version is pinned, this could lead to the installation and execution of a malicious or vulnerable version of `secure-sync` if its repository or the `clawhub` registry is compromised. The subsequent `nohup` commands execute these unverified scripts. Pin the version of `secure-sync` to a known good version (e.g., `clawhub install secure-sync@1.2.3 --force`). Implement integrity checks (e.g., checksums) for downloaded dependencies. Review the contents of `secure-sync` before installation. | LLM | scripts/setup.sh:13 |
| HIGH | Supply Chain Risk: Unpinned Global NPM Dependency. The `setup.sh` script installs the `clawhub` CLI globally using `npm i -g clawhub` without specifying a version. This introduces a supply chain risk, as a malicious or vulnerable version of `clawhub` could be installed if the npm registry or the package itself is compromised, potentially leading to arbitrary code execution during installation or subsequent use. Pin the version of `clawhub` to a known good version (e.g., `npm i -g clawhub@1.2.3`). Consider using a local installation or a dedicated environment to avoid global package pollution and reduce the attack surface. | LLM | scripts/setup.sh:7 |
| HIGH | Excessive Permissions: Root-level Operations. The skill performs operations that imply root-level privileges, such as installing global npm packages (`npm i -g`), writing to `/root/.openclaw/workspace/` directories, and executing background processes (`nohup`) from `/root/.openclaw/workspace/skills/`. Running with such elevated permissions significantly amplifies the impact of any other vulnerability, allowing an attacker to gain full control over the host system if the skill is compromised. Adhere to the principle of least privilege. Run skills with a dedicated, unprivileged user account. Avoid global package installations and writing to root-owned directories unless absolutely critical and justified. Containerize the skill to isolate its execution environment. | LLM | scripts/setup.sh:4 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/cyberengage/research-skill4455/SKILL.md:1 |