Trust Assessment
signl4 received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 1 low severity. Key findings include "Covert behavior / concealment directives", "SIGNL4_TEAM_SECRET exposed in webhook URL", and "Potential Prompt Injection via echoed user input".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **SIGNL4_TEAM_SECRET exposed in webhook URL.** The `SIGNL4_TEAM_SECRET` is directly interpolated into the `WEBHOOK_URL`. This practice exposes the secret in various contexts, including network logs, process lists (e.g., `ps` output), and any debugging output, making it vulnerable to credential harvesting and unauthorized access. Secrets should ideally be passed via HTTP headers or other secure mechanisms, not directly in the URL. Use an authentication method that does not embed secrets directly in the URL, such as HTTP Basic Auth headers, API key headers, or OAuth tokens. If URL embedding is unavoidable, ensure strict logging policies are in place to redact sensitive information and educate users on the risks. | LLM | SKILL.md:55 |
| HIGH | **Potential Prompt Injection via echoed user input.** The skill instructs the LLM to 'Repeat key details: Title, External ID' back to the user after sending an alert. If the user provides malicious input (e.g., prompt injection attempts) for these fields, the LLM might process them as new instructions, leading to unintended behavior, information disclosure, or manipulation of subsequent actions. Implement strict input validation and sanitization for all user-provided fields before they are echoed or processed. Avoid directly repeating user input that could contain instructions. Instead, summarize or confirm the action without verbatim repetition of potentially malicious input. | LLM | SKILL.md:76 |
| LOW | **Covert behavior / concealment directives.** Directive to hide behavior from user. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/rons4/signl4/SKILL.md:111 |