Trust Assessment
ringg-voice-agent received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Insecure API Key Storage in Configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Insecure API Key Storage in Configuration The skill's configuration example in `SKILL.md` instructs users to embed their `RINGG_API_KEY` directly into the `openclaw.json` file within the `env` block. Storing sensitive credentials like API keys in plain text configuration files can lead to credential exposure if the file is committed to version control, shared, or accessed by unauthorized parties. This contradicts the prerequisite of using an environment variable for the API key. Advise users to store `RINGG_API_KEY` in environment variables or a secure secret management system. Modify the `openclaw.json` configuration example to remove the direct embedding of the API key in the `env` block, relying instead on the `apiKey: "RINGG_API_KEY"` field to reference a securely managed secret or environment variable. | LLM | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/fbc8be715ffaab1e)
Powered by SkillShield