Security Audit

server-health

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

server-health received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Script requires elevated privileges and accesses sensitive root directory.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Script requires elevated privileges and accesses sensitive root directory The `server-health.sh` script executes several commands that typically require elevated privileges (e.g., `systemctl`, `docker`, `sensors`, `sar`, `iostat`). Furthermore, it directly accesses configuration files within the `/root` directory (`/root/.openclaw/openclaw.json` and `ls /root/.openclaw/agents/main/sessions/.json`). If the skill execution environment grants the agent broad permissions (e.g., running as root or with extensive `sudo` access), a compromised skill or a malicious modification to this script could leverage these permissions to perform unauthorized system-level operations, read sensitive root-owned files, or escalate privileges. While the script's current implementation only reads specific keys from the OpenClaw config, the ability to access `/root` is a significant privilege. 1. Principle of Least Privilege:* Ensure the skill is executed with the absolute minimum necessary permissions. Avoid running the script as `root` or with blanket `sudo` access. 2. Dedicated User: Create a dedicated, unprivileged user for running the skill. Grant this user only the specific permissions required for the health checks (e.g., read access to specific config files, `sudo` access to specific commands with restricted arguments via `sudoers`). 3. Alternative Data Sources: Investigate if the required OpenClaw configuration or session information can be obtained via less privileged means, or if it can be provided to the script as environment variables or arguments, rather than reading directly from `/root`. 4. Containerization/Sandboxing: Run the skill within a containerized or sandboxed environment with strict resource and permission controls to isolate it from the host system.	LLM	server-health.sh:85

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/2bf24cf4be049bb0.svg)](https://skillshield.io/report/2bf24cf4be049bb0)