Trust Assessment
skillfence received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 10 critical, 1 high, 1 medium, and 1 low severity. The key findings are arbitrary command execution (all ten critical findings, nine in monitor.js and one in package.json), unsafe deserialization / dynamic eval, and a missing Node lockfile.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100; every critical and high finding was raised in that layer, so that is where remediation should start.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Detail | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Python dynamic code execution (exec/eval/compile) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:135 |
| CRITICAL | Arbitrary command execution | Python dynamic code execution (exec/eval/compile) | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:138 |
| CRITICAL | Arbitrary command execution | Node.js child_process require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:8 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:331 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:384 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:386 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:778 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:780 |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:782 |
| CRITICAL | Arbitrary command execution | Remote code download piped to interpreter | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/deeqyaqub1-cmd/skillfence/package.json:16 |
| HIGH | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/deeqyaqub1-cmd/skillfence/monitor.js:134 |
| MEDIUM | Mismatched repository URL in package.json | The `package.json` file specifies a repository URL (`https://github.com/deeqyaqub1-cmd/skillfence-openclaw`) that differs from the skill's apparent location within the `openclaw/skills` repository (`https://github.com/openclaw/skills`). This discrepancy creates a supply chain risk: users might assume the skill is officially maintained by the `openclaw` organization while its declared source points to a different, potentially less trusted, maintainer, which could lead to unexpected code changes or malicious updates if the skill's true origin is not verified. | 1. **Clarify origin**: if this skill is an official part of the `openclaw` project, update `repository.url` in `package.json` to point to the correct `openclaw` repository. 2. **Fork acknowledgment**: if this is a community-contributed fork, state clearly in `SKILL.md` and `package.json` that it is a fork and not maintained by the `openclaw` organization. 3. **Verify upstream**: if this is a re-publication, verify the integrity and security of the `deeqyaqub1-cmd/skillfence-openclaw` repository. | LLM | package.json:27 |
| LOW | Node lockfile missing | package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). | Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/deeqyaqub1-cmd/skillfence/package.json |
Report: https://skillshield.io/report/0cf01da3edd6d018
Powered by SkillShield