Trust Assessment
search-openclaw-docs received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 1 high, 5 medium, and 1 low severity. Key findings include Unsafe deserialization / dynamic eval, Unpinned npm dependency version, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive permissions: Skill can index arbitrary file system paths via environment variable The `scripts/docs-index.js` script, which is executed during `postInstall` and can be run manually, determines the root directory for documentation indexing using `process.env.DOCS_PATH`. If this environment variable is set to a sensitive or arbitrary location (e.g., `/`, `~`, `/etc`), the skill will recursively read all `.md` files within that path. The `lib/indexer.js` module then reads the content of these files and stores derived metadata (title, headers, keywords, summary) in `~/.openclaw/docs-index/openclaw-docs.sqlite`. This grants the skill excessive permissions to access and process potentially sensitive user or system files, leading to a data exfiltration risk if the index is later queried by an attacker or a compromised agent. Restrict the `DOCS_PATH` to a predefined, non-sensitive directory (e.g., within the skill's own directory or a dedicated, sandboxed documentation directory). Avoid using environment variables for sensitive path configurations that can lead to arbitrary file system access. If customization is necessary, implement strict path validation and confinement (e.g., ensuring the path is a subdirectory of a known safe location) to prevent indexing of unauthorized directories. | LLM | scripts/docs-index.js:10 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/karmanverma/search-openclaw-docs/lib/metadata.js:65 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/karmanverma/search-openclaw-docs/lib/metadata.js:106 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/karmanverma/search-openclaw-docs/lib/search.js:17 | |
| MEDIUM | Unpinned npm dependency version Dependency 'better-sqlite3' is not pinned to an exact version ('^11.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/karmanverma/search-openclaw-docs/package.json | |
| MEDIUM | Unpinned dependency 'better-sqlite3' The `package.json` specifies the `better-sqlite3` dependency with a caret range (`^11.0.0`). This allows npm to install any `11.x.x` version, which introduces a supply chain risk. Future installations might pull in a new minor or patch version that could contain vulnerabilities or breaking changes without explicit review, potentially compromising the skill's integrity or stability. Pin the dependency to an exact version (e.g., `"better-sqlite3": "11.0.0"`) to ensure deterministic installations. Alternatively, ensure a `package-lock.json` or `npm-shrinkwrap.json` is committed and used consistently. | LLM | package.json:15 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/karmanverma/search-openclaw-docs/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/997a83b1a5b6a27c)
Powered by SkillShield