Trust Assessment
token-panel-ultimate received a trust score of 18/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 2 critical, 1 high, 3 medium, and 1 low severity. Key findings include "Network egress to untrusted endpoints", "Suspicious import: urllib.request", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints: HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/globalcaos/token-panel-ultimate/scripts/budget-panel-widget.user.js:6 |
| CRITICAL | Tampermonkey script allows arbitrary local file access: The `budget-panel-widget.user.js` Tampermonkey script uses `@connect file://*`, granting it permission to make `GM_xmlhttpRequest` requests to any local file on the user's system. This is an excessive permission that could be exploited by a malicious actor (e.g., if the script is compromised or modified) to read sensitive local files (like SSH keys, AWS credentials, etc.) and exfiltrate their contents. Restrict the `@connect` directive to only the necessary domains or specific `file://` paths if local file access is absolutely required and cannot be achieved through safer means. If the intent is only to read specific JSON files, consider whether a less broad permission or a different mechanism (e.g., a native agent capability) could be used. | LLM | scripts/budget-panel-widget.user.js:10 |
| HIGH | Direct access to Claude Code credentials file: The `claude-usage-fetch.py` script directly reads the `accessToken` from the user's Claude Code credentials file (`~/.claude/.credentials.json`). While this is its intended function, it represents a sensitive operation. If the script itself were compromised or replaced by a malicious version, it could easily exfiltrate the user's Claude API access token. Implement robust integrity checks for this script. If the OpenClaw ecosystem provides a more secure, sandboxed way to access API credentials (e.g., through a secure vault or agent-managed secrets), that should be preferred over direct file system access to credential files. | LLM | scripts/claude-usage-fetch.py:15 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/globalcaos/token-panel-ultimate/scripts/claude-usage-fetch.py:16 |
| MEDIUM | Suspicious import: urllib.request. Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/globalcaos/token-panel-ultimate/scripts/manus-usage-fetch.py:27 |
| MEDIUM | Skill relies on unverified third-party fork for gateway plugin: The `package.json` file specifies a `repository` pointing to `https://github.com/globalcaos/clawdbot-moltbot-openclaw`, which appears to be a fork of OpenClaw. The `SKILL.md` also directs users to install a gateway plugin from this same repository. Relying on a third-party fork introduces a supply chain risk, as the security practices and integrity of this fork may not be as rigorously vetted as official OpenClaw components. Malicious code could be introduced into this fork and subsequently into the user's system. Users should be advised to carefully review the code in the specified fork before installation. The skill developer should consider contributing the plugin to the official OpenClaw repository or clearly documenting the security implications of using a third-party fork. | LLM | package.json:8 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/globalcaos/token-panel-ultimate/package.json |
Full report: [skillshield.io/report/36d798f9fdf99480](https://skillshield.io/report/36d798f9fdf99480)
Powered by SkillShield