Trust Assessment
tools-marketplace received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include "Sensitive environment variable access: $HOME", "Unpinned `npx` dependency execution", and "API Key stored in plaintext and partially logged".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned `npx` dependency execution. The `scripts/setup.sh` script uses `npx -y mcp-remote` to install and execute a package without specifying a version. This means the latest version of `mcp-remote` will always be fetched. If a malicious update to `mcp-remote` is published, or if the package registry is compromised, the system executing this script could be compromised by downloading and running arbitrary code. Pin the `mcp-remote` package to a specific, known-good version (e.g., `npx -y mcp-remote@1.2.3`). Regularly audit and update the pinned version. Consider using a package lock file or a private registry to ensure integrity. | LLM | scripts/setup.sh:79 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/preston-thiele/tools-marketplace/scripts/setup.sh:13 |
| MEDIUM | API Key stored in plaintext and partially logged. The `scripts/setup.sh` script prompts the user for a `DANUBE_API_KEY`, then stores it in plaintext in `$HOME/.openclaw/.env` and subsequently embeds it into `$HOME/.openclaw/openclaw.json`. Additionally, the Python script executed by `setup.sh` logs the first 10 characters of the API key to standard output, which could be captured in logs or terminal history, potentially exposing sensitive information. Storing credentials in plaintext in multiple locations increases the risk of unauthorized access if the local system is compromised. Avoid storing API keys in plaintext files. Use secure credential management systems (e.g., environment variables, secret vaults, or encrypted storage). If local storage is necessary, ensure files have strict permissions (e.g., `chmod 600`). Avoid logging any part of sensitive credentials. | LLM | scripts/setup.sh:30 |
| MEDIUM | Potential command injection via API key in `npx` arguments. The `scripts/setup.sh` script embeds the user-provided `DANUBE_API_KEY` directly into an argument string (`danube-api-key:{api_key}`) passed to `npx` via the `openclaw.json` configuration. While the `args` list in JSON typically ensures arguments are passed literally, if the `openclaw` gateway or `npx` command interpreter does not properly escape or quote this argument, a maliciously crafted API key containing shell metacharacters could lead to command injection when `npx` is executed. Ensure that any user-provided input, especially sensitive data like API keys, is rigorously sanitized and properly escaped or quoted before being used in shell commands or arguments. If possible, pass sensitive data via environment variables or secure channels rather than directly in command-line arguments. | LLM | scripts/setup.sh:84 |