Trust Assessment
secureclaw received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. Key findings: "Skill instructs direct shell command execution", "Subagent granted 'full codebase access'", and "Unpinned external dependency and continuous fetching from external URL".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill instructs direct shell command execution.** The skill explicitly instructs the AI agent to execute various shell commands using `curl`, `mkdir`, and `npx`. While the commands themselves are hardcoded within the skill, instructing direct shell execution introduces a high risk. If the skill's source (`https://secureclaw.dev`) were compromised, these commands could be altered to execute arbitrary malicious code on the host system. This bypasses typical sandboxing or API-based interactions, granting the skill direct access to the underlying operating system. Avoid instructing direct shell command execution. Instead, use sandboxed API calls or dedicated agent framework tools that provide controlled execution environments. If shell execution is absolutely necessary, ensure commands are strictly validated, parameterized, and executed with minimal privileges. | LLM | skill.md:24 |
| HIGH | **Subagent granted "full codebase access".** The skill instructs the agent to "spawn a subagent (using your agent framework's Task tool) to do the actual sweep" and explicitly states to give it "full codebase access". Granting full codebase access is an excessive permission, even for a security sweep. A compromised or buggy subagent could exploit this access to exfiltrate sensitive data, introduce malicious code, or perform other unauthorized actions, despite the privacy rules outlined in the skill. The privacy rules are a mitigation for *posting* data, but do not prevent a subagent from *accessing* or *exfiltrating* data through other means if it has full codebase access. Implement a more granular permission model for subagents. Instead of "full codebase access," provide only the specific files or directories absolutely necessary for the sweep. Implement strict sandboxing and monitoring for subagent activities, and ensure any data accessed by the subagent is handled with extreme care and purged after use. | LLM | skill.md:78 |
| HIGH | **Unpinned external dependency and continuous fetching from external URL.** The skill instructs the agent to install `clawhub` using `npx clawhub@latest`. The `@latest` tag means the dependency is unpinned, making the agent vulnerable to supply chain attacks if a malicious version of `clawhub` is published. Furthermore, the skill instructs the agent to fetch its own components (`skill.md`, `heartbeat.md`, `skill.json`) directly from `https://secureclaw.dev` and to "Re-fetch these files anytime to see new features!". This continuous reliance on an external, unverified source for core skill components creates a significant supply chain risk. If `https://secureclaw.dev` were compromised, the agent could be instructed to download and execute malicious code. Pin all external dependencies to specific versions (e.g., `clawhub@1.2.3`) to ensure reproducibility and prevent unexpected changes. Implement cryptographic verification (e.g., checksums, digital signatures) for all fetched skill components from external sources. Avoid automatic re-fetching of skill components without explicit user consent and verification. Consider hosting critical skill components locally or through a trusted, version-controlled repository. | LLM | skill.md:30 |
Full report: https://skillshield.io/report/38208eb940a989ad
Powered by SkillShield