Security Audit

skill-scanner

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

skill-scanner received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 1 low severity. Key findings include Hardcoded Bearer Token detected, Hardcoded API Key in Example, Skill Source Code Sent to Third-Party API.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

83%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
HIGH	Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference.	Static	skills/thomaslwang/antivirus/SKILL.md:91
HIGH	Hardcoded API Key in Example The skill's documentation includes an example `curl` command with a hardcoded `Authorization: Bearer` token (`sk-xxai-model-0e5a52bd1c70cca03d5f67fe1c2ca406`). While this is presented as an example, hardcoding API keys directly in code or documentation is a significant security risk. If this were a live key, it would be exposed, potentially leading to unauthorized access or abuse of the `openguardrails.com` API. API keys should be loaded from secure environment variables or a secrets management system. Replace the hardcoded API key with a placeholder (e.g., `YOUR_OG_TEXT_API_KEY`) and instruct users to configure it securely, preferably via an environment variable or a secrets management system. Ensure that actual deployed code does not contain hardcoded credentials.	LLM	skills/thomaslwang/antivirus/SKILL.md:100
LOW	Skill Source Code Sent to Third-Party API The skill's core functionality involves reading the source code of other installed skills and sending it to an external third-party API (`https://api.openguardrails.com/v1/model/chat/completions`) for analysis. While this is the explicit purpose of the skill, users should be aware that their local skill code (which may contain sensitive logic or data) is being transmitted to an external service. This represents a data exfiltration point, albeit an intended one. Ensure clear and prominent disclosure to users that skill source code will be transmitted to a third-party service for analysis. Provide options for users to opt-out or understand the privacy implications before enabling the skill.	LLM	skills/thomaslwang/antivirus/SKILL.md:40

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/37eb70045f3c0d87.svg)](https://skillshield.io/report/37eb70045f3c0d87)