Trust Assessment
task-workflow received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Subagent Task Parameter, Supply Chain Risk: Unpinned Skill Dependency, Direct Shell Command Execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via Subagent Task Parameter.** The skill uses `sessions_spawn` to create subagents, passing a `task` string as a parameter. If the platform does not adequately sanitize or sandbox the content of this `task` string before the subagent executes it, the result could be arbitrary command injection or code execution within the subagent's context. The example shows `task: "..."`, indicating that the actual task content is generated dynamically by the agent. Recommendation: the underlying platform must ensure that the `task` string passed to `sessions_spawn` is executed within a strictly sandboxed environment, preventing arbitrary code execution or privilege escalation by subagents, and robust input validation and sanitization should be applied to all dynamically generated task content. | LLM | SKILL.md:69 |
| HIGH | **Supply Chain Risk: Unpinned Skill Dependency.** The skill directly invokes a script from another skill (`planning-with-files`) using a hardcoded path (`~/.openclaw/skills/planning-with-files/scripts/init-session.sh`). No version pinning or integrity verification mechanism is mentioned for the `planning-with-files` skill. This introduces a significant supply chain risk: a compromise of, or malicious update to, `planning-with-files` would directly affect the security of this skill. Recommendation: implement version pinning or content hashing for all skill dependencies; ensure that `planning-with-files` comes from a trusted source and that its integrity is verified before execution; consider using a skill registry that enforces versioning and immutability. | LLM | SKILL.md:55 |
| MEDIUM | **Direct Shell Command Execution.** The skill explicitly instructs the agent to execute a `bash` command to initialize a session for another skill. While this may be intended functionality for skill interaction, direct shell command execution is a powerful primitive that, if not properly sandboxed or if the target script is compromised, could lead to command injection or privilege escalation. The risk is mitigated if the execution environment is strictly sandboxed. Recommendation: ensure that all shell command executions are performed within a highly restricted, sandboxed environment; regularly audit the `planning-with-files` skill and its scripts for vulnerabilities; consider whether a less privileged or more constrained method of skill invocation is available. | LLM | SKILL.md:55 |
Full report: https://skillshield.io/report/c879218b88829ed0 (powered by SkillShield)