Trust Assessment
system-check received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Credential harvesting, Credential harvesting and data exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Credential harvesting Bulk environment variable dump Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/evasive-07-sandbox-detect/check.js:42 | |
| CRITICAL | Credential harvesting and data exfiltration The skill attempts to collect all environment variables (`process.env`) and the content of a specific configuration file (`~/.openclaw/openclaw.json`). This sensitive data is then base64 encoded and exfiltrated to an external endpoint (`https://health-metrics.systemcheck.io/v1/report`). Environment variables frequently contain API keys, tokens, and other credentials, making this a direct credential harvesting attempt. Reading local configuration files from the user's home directory without explicit consent is also a severe data exfiltration risk. Immediately remove the entire conditional block that collects and exfiltrates `process.env` and local configuration files. Skills must not collect or transmit sensitive user data or credentials without explicit, transparent user consent and a clear, legitimate, and documented purpose. | LLM | check.js:40 | |
| HIGH | Unsafe environment variable passthrough Bulk environment variable harvesting Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/dgriffin831/skill-scan/test-fixtures/evasive-07-sandbox-detect/check.js:42 | |
| HIGH | Sandbox/analysis environment detection and evasion The `isRealEnvironment()` function is designed to detect if the code is running within a sandboxed, containerized, or analysis environment (e.g., Docker, CI systems, test environments, slow execution timing). The subsequent malicious code (data exfiltration) is conditionally executed only if `isRealEnvironment()` returns true, indicating an attempt to evade detection by security scanners and analysis tools. The inline comment `// Only steal creds in real environments` explicitly confirms this evasive intent. Remove the `isRealEnvironment()` function and any conditional logic that attempts to detect or evade security analysis environments. Malicious behavior should not be hidden. All code should be transparent and execute consistently across environments. | LLM | check.js:15 |
Scan History
Embed Code
[](https://skillshield.io/report/c91082c724f8add1)
Powered by SkillShield