Trust Assessment
rtfm-testing received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Missing required field: name" and "Prompt Injection Vulnerability in Spawned Agent Task".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Prompt Injection Vulnerability in Spawned Agent Task. The skill's recommended usage pattern for `sessions_spawn` constructs the `task` parameter by directly concatenating user-provided input (`[TASK DESCRIPTION]`, `[PASTE DOCS HERE]`) into the prompt for the newly spawned agent. This design allows a malicious user to inject arbitrary instructions into the spawned agent's prompt, potentially leading to unintended actions, data exfiltration by the spawned agent, or circumvention of its intended purpose. While this does not directly affect the host LLM running SkillShield, it represents a significant vulnerability in the skill's operational security. Implement robust input sanitization or use structured input methods (e.g., separate parameters for task and documentation) when constructing prompts for spawned agents. Ensure that user-provided content is clearly delineated from system instructions to prevent prompt injection. Consider using a templating system that escapes or isolates user input, or explicitly instruct the spawned agent to treat user input as data rather than instructions. | LLM | SKILL.md:30 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/zscole/rtfm-testing/SKILL.md:1 |