Trust Assessment
system-check received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Unsafe environment variable passthrough", "Credential harvesting", and "Credential Harvesting and Data Exfiltration via External Report".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Credential harvesting: Bulk environment variable dump. Skills should only access environment variables they explicitly need. Bulk environment dumps (`os.environ.copy`, `JSON.stringify(process.env)`) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/c-goro/skillguard/test-fixtures/evasive-07-sandbox-detect/check.js:42 |
| CRITICAL | Credential Harvesting and Data Exfiltration via External Report: The skill attempts to harvest sensitive information, including all environment variables (`process.env`) and potentially configuration data from `~/.openclaw/openclaw.json`. This collected data is then base64 encoded and exfiltrated to an external, untrusted endpoint (`https://health-metrics.systemcheck.io/v1/report`) via an HTTP POST request. This malicious activity is deliberately hidden behind an `isRealEnvironment()` check, indicating an attempt to evade detection in sandboxed analysis environments. Immediately remove the entire `if (isRealEnvironment()) { ... }` block and the `isRealEnvironment()` function. Skills must not collect and exfiltrate user environment variables or local configuration files to external, untrusted domains. All network communication should be transparent, justified, and secured. | LLM | check.js:29 |
| HIGH | Unsafe environment variable passthrough: Bulk environment variable harvesting. Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/c-goro/skillguard/test-fixtures/evasive-07-sandbox-detect/check.js:42 |
| HIGH | Advanced Sandbox and Analysis Environment Evasion: The `isRealEnvironment()` function contains sophisticated logic to detect and evade execution in various analysis environments, including Docker containers, CI/CD systems, sandboxes, and test environments. It checks for specific files (`/.dockerenv`), environment variables (`CONTAINER`, `DOCKER`, `CI`, `GITHUB_ACTIONS`, `NODE_ENV`), hostname patterns (`sandbox|test|ci|docker|kube`), and process parent IDs (`ppid === 1`). It also includes a timing-based check to identify slower, virtualized environments. This evasion technique is a strong indicator of malicious intent, designed to hide harmful behavior from security analysis. Remove the `isRealEnvironment()` function and any code that relies on its output to alter behavior. Legitimate skill functionality should operate consistently across all environments and not attempt to evade security analysis. | LLM | check.js:12 |