Security Audit

toon-utils

github.com/openclaw/skills

AI SkillCommit 5acc56773e07

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

toon-utils received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Global installation of unvetted package, Arbitrary data processing and potential exfiltration by unvetted `toon` utility.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

2 findings

Security Findings3

Severity	Finding	Layer	Location
HIGH	Global installation of unvetted package The skill explicitly instructs the agent to globally install an npm package `@toon-format/cli`. Installing global packages from potentially untrusted or unvetted sources can introduce malicious code onto the host system, leading to arbitrary command execution, data exfiltration, or system compromise. The package name itself is not widely recognized, raising suspicion about its legitimacy and security. Avoid instructing global package installations. If necessary, use a sandboxed environment or provide clear warnings about the risks. Verify the legitimacy and security of the `@toon-format/cli` package before allowing installation.	LLM	SKILL.md:11
HIGH	Arbitrary data processing and potential exfiltration by unvetted `toon` utility The skill instructs the agent to pipe various forms of data (local files, API responses, directory listings, inline strings) into the `toon` command. If the `toon` utility (installed globally as per the setup instructions) is malicious, it could read, modify, or exfiltrate sensitive data from `data.json`, API responses (potentially containing credentials or PII), or system directory structures. The `curl` example explicitly mentions support for all `curl` flags (e.g., `-H "Authorization: ..."`, `-X POST`), significantly increasing the risk of credential harvesting or data exfiltration through custom headers or POST bodies if the agent is prompted to fetch sensitive endpoints. Avoid instructing agents to pipe sensitive data to unvetted external utilities. If data transformation is required, use built-in, sandboxed, or explicitly trusted methods. Implement strict input validation and output sanitization. Restrict network access for skills or tools that handle sensitive data.	LLM	SKILL.md:30
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/lythaeon/toon-utils/SKILL.md:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/00da23e2afb0fde3.svg)](https://skillshield.io/report/00da23e2afb0fde3)