Trust Assessment
snake-game received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 9 critical, 3 high, 1 medium, and 1 low severity. The key findings are persistence / self-modification instructions (macOS LaunchAgent/LaunchDaemon and systemd service persistence in SKILL.md and lib/process.mjs, flagged by both the Manifest and Static layers) and, from the LLM behavioral layer, direct access to the user's Telegram bot token combined with a user-settable chat ID that can redirect daemon logs.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100; all nine critical findings come from that layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
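The Manifest and Static layers above flag the same persistence patterns at file:line locations, and the Dependency layer flags an unpinned version range and a missing lockfile. The checker below is an added example, not SkillShield's code and not the snake-game skill's code: it reproduces those three classes of finding over a constructed sample skill. The rule patterns, severities and sample file contents are this example's own (they are not SkillShield's rule set and not the real snake-game files).

```javascript
// Added example: a minimal pre-install checker for an AI skill package.
// Reproduces three classes of finding from the report: persistence patterns in
// skill files, unpinned npm version ranges, and a missing lockfile.
// Not SkillShield's code; rule set and sample files are illustrative only.

// Persistence rules. No `g` flag, so RegExp.test() stays stateless across lines.
const PERSISTENCE_RULES = [
  { id: 'macos-launchagent', severity: 'HIGH',
    pattern: /Library\/LaunchAgents|Library\/LaunchDaemons|\blaunchctl\b/ },
  { id: 'systemd-service', severity: 'HIGH',
    pattern: /systemd\/(system|user)\/\S+\.service|\bsystemctl\s+(--user\s+)?enable\b/ },
  { id: 'crontab', severity: 'HIGH', pattern: /\bcrontab\s+-|@reboot/ },
  { id: 'shell-profile', severity: 'MEDIUM',
    pattern: /~\/\.(bashrc|bash_profile|zshrc|profile)\b/ },
];

// Scan text line by line; report 1-based line numbers like the report's file:line locations.
function scanForPersistence(path, text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const rule of PERSISTENCE_RULES) {
      if (rule.pattern.test(line)) {
        findings.push({ rule: rule.id, severity: rule.severity,
                        location: `${path}:${i + 1}`, line: line.trim() });
      }
    }
  });
  return findings;
}

// Only a bare semver triple (optionally with prerelease/build suffix) counts as pinned.
// "^", "~", ranges, "*", "latest", dist-tags and git/url specs are all unpinned.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function checkDependencies(pkg, presentFiles) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT_VERSION.test(spec)) {
        findings.push({ rule: 'unpinned-dependency', severity: 'MEDIUM',
                        detail: `${name}@${spec} in ${field}` });
      }
    }
  }
  const lockfiles = ['package-lock.json', 'npm-shrinkwrap.json', 'pnpm-lock.yaml', 'yarn.lock'];
  if (!lockfiles.some(f => presentFiles.includes(f))) {
    findings.push({ rule: 'missing-lockfile', severity: 'LOW', detail: 'no lockfile committed' });
  }
  return findings;
}

// Constructed sample skill: contents modelled on what the report flags, NOT the real snake-game files.
const SAMPLE_SKILL = {
  files: ['SKILL.md', 'lib/process.mjs', 'package.json'],
  'SKILL.md': [
    '# snake-game',
    'Run `snake start` to begin.',
    'On Linux the daemon installs ~/.config/systemd/user/snake.service and runs `systemctl --user enable snake`.',
    'On macOS it writes ~/Library/LaunchAgents/com.example.snake.plist and calls launchctl load.',
  ].join('\n'),
  'lib/process.mjs': [
    "import { writeFileSync } from 'node:fs';",
    "const unit = '[Service]\\nExecStart=node daemon.mjs\\n[Install]\\nWantedBy=default.target';",
    "writeFileSync(`${process.env.HOME}/.config/systemd/user/snake.service`, unit);",
  ].join('\n'),
  'package.json': JSON.stringify({ dependencies: { 'trifle-bot-types': '^1.0.7', 'left-pad': '1.3.0' } }),
};

function assessSkill(skill) {
  const findings = [];
  for (const path of skill.files) {
    if (path !== 'package.json') findings.push(...scanForPersistence(path, skill[path]));
  }
  findings.push(...checkDependencies(JSON.parse(skill['package.json']), skill.files));
  // Any persistence hit blocks install outright; dependency hygiene alone goes to review.
  const verdict = findings.some(f => f.severity === 'HIGH') ? 'BLOCK'
                : findings.length ? 'REVIEW' : 'PASS';
  return { findings, verdict };
}
```

`assessSkill(SAMPLE_SKILL)` returns three persistence findings (SKILL.md:3, SKILL.md:4, lib/process.mjs:3), one unpinned-dependency finding for `trifle-bot-types@^1.0.7`, one missing-lockfile finding, and a `BLOCK` verdict. Scanning SKILL.md as well as source is the point: instructions that tell an agent to install a LaunchAgent are as dangerous as code that does it.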
Security Findings (14)
| Severity | Finding | Detail | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions | macOS LaunchAgent/LaunchDaemon persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/SKILL.md:159 |
| CRITICAL | Persistence / self-modification instructions | macOS LaunchAgent/LaunchDaemon persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:312 |
| CRITICAL | Persistence / self-modification instructions | macOS LaunchAgent/LaunchDaemon persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:319 |
| CRITICAL | Persistence / self-modification instructions | macOS LaunchAgent/LaunchDaemon persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:342 |
| CRITICAL | Persistence / self-modification instructions | systemd service persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/SKILL.md:152 |
| CRITICAL | Persistence / self-modification instructions | systemd service persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:294 |
| CRITICAL | Persistence / self-modification instructions | systemd service persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:299 |
| CRITICAL | Persistence / self-modification instructions | systemd service persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:304 |
| CRITICAL | Persistence / self-modification instructions | systemd service persistence | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/gigi-trifle/snake-game/lib/process.mjs:331 |
| HIGH | Persistence mechanism: macOS LaunchAgent | Detected macOS LaunchAgent pattern. Persistence mechanisms allow malware to survive system restarts. | Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/gigi-trifle/snake-game/SKILL.md:159 |
| HIGH | Persistence mechanism: systemd service | Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. | Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/gigi-trifle/snake-game/SKILL.md:152 |
| HIGH | Telegram Bot Token Access and Log Redirection | The skill reads the Telegram bot token from the user's `~/.openclaw/openclaw.json` file. While used for legitimate logging, this grants the skill direct access to a sensitive credential. Furthermore, `telegramChatId` can be set by the user via the CLI (`snake telegram <chat_id>`), allowing an attacker to redirect all daemon logs and status updates (which may contain operational data such as game state, balance, votes, and errors) to an arbitrary Telegram chat. This is a significant data exfiltration risk if the skill is compromised or if a user is tricked into setting a malicious chat ID. | Implement the principle of least privilege. The skill should not read `openclaw.json` for credentials directly; instead, the OpenClaw runtime should provide the Telegram bot token to the skill, for example via an environment variable or a dedicated secure API, limiting the skill's direct filesystem access to sensitive configuration. For `telegramChatId`, implement stricter validation or require explicit user confirmation for changes, especially if the new ID is external to the user's known contacts. Ensure that any data logged to Telegram is reviewed for sensitive information. | LLM | lib/config.mjs:109 |
| MEDIUM | Unpinned npm dependency version | Dependency 'trifle-bot-types' is not pinned to an exact version ('^1.0.7'). | Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/gigi-trifle/snake-game/package.json |
| LOW | Node lockfile missing | package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). | Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/gigi-trifle/snake-game/package.json |
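For the LLM-layer finding on `lib/config.mjs`, the hardened shape the remediation describes looks roughly like the following. This is an added example, not the snake-game skill's code or the OpenClaw runtime's API: it assumes the runtime hands the skill its bot token in an environment variable named `SNAKE_TELEGRAM_BOT_TOKEN` (a name chosen for this example) instead of the skill reading `~/.openclaw/openclaw.json`, treats `telegramChatId` as a signed 64-bit integer, refuses to redirect an already-configured chat without explicit confirmation, and redacts token-shaped strings from outgoing log text.

```javascript
// Added example (not the skill's code): least-privilege handling of the Telegram
// token and chat ID. The env var name and the confirmation flag are assumptions
// made for this example, not an OpenClaw interface.

// The token comes from the runtime, never from the user's config file. Only its
// shape is checked ("<bot id>:<secret>"); the value itself is never logged.
function loadTelegramToken(env) {
  const token = env.SNAKE_TELEGRAM_BOT_TOKEN;
  if (!token) throw new Error('telegram bot token not provided by runtime');
  if (!/^\d+:[A-Za-z0-9_-]{20,}$/.test(token)) throw new Error('malformed bot token');
  return token;
}

// Telegram chat IDs are signed 64-bit integers (negative for groups/supergroups).
// Reject @usernames, URLs and anything else so a crafted value cannot point logs elsewhere.
function parseChatId(raw) {
  const s = String(raw).trim();
  if (!/^-?\d{1,19}$/.test(s)) return null;
  const id = BigInt(s);
  const INT64_MIN = -(2n ** 63n);
  const INT64_MAX = 2n ** 63n - 1n;
  if (id < INT64_MIN || id > INT64_MAX) return null;
  return id;
}

// Changing an existing chat ID redirects every future log line, so it needs an
// explicit confirmation (e.g. a --confirm flag on `snake telegram <chat_id>`).
// Returns a new config object rather than mutating the caller's.
function setChatId(config, raw, { confirmed = false } = {}) {
  const id = parseChatId(raw);
  if (id === null) return { ok: false, reason: 'invalid chat id' };
  const current = config.telegramChatId;
  if (current !== undefined && current !== id && !confirmed) {
    return { ok: false,
             reason: `refusing to redirect logs from ${current} to ${id} without confirmation` };
  }
  return { ok: true, config: { ...config, telegramChatId: id } };
}

// Scrub anything token-shaped before a message leaves the process for Telegram,
// so a token that leaks into an error string is not forwarded to the chat.
function redactForTelegram(message) {
  return message.replace(/\b\d+:[A-Za-z0-9_-]{20,}\b/g, '[redacted token]');
}
```

The confirmation step is the part that addresses the redirection risk: a chat ID supplied through a one-shot CLI argument (or planted by a prompt injection) cannot silently re-route logs once a destination is already configured.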
Full report: https://skillshield.io/report/2da4b02b2b92582e (powered by SkillShield)