Trust Assessment
topic-monitor received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 5 critical, 3 high, 2 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Arbitrary command execution, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/robbyczgw-cla/topic-monitor/scripts/setup_cron.py:146 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/robbyczgw-cla/topic-monitor/scripts/monitor.py:72 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/robbyczgw-cla/topic-monitor/scripts/setup_cron.py:27 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/robbyczgw-cla/topic-monitor/scripts/setup_cron.py:39 | |
| CRITICAL | Untrusted search results embedded in LLM-facing markdown The skill generates markdown messages for alerts and digests using content directly from untrusted web search results (e.g., 'title', 'snippet', 'url', 'context'). If a malicious actor can manipulate search results (e.g., via SEO poisoning or by controlling a website that gets indexed), they could inject prompt injection commands or markdown-based exploits into the generated messages. These messages are then passed to the OpenClaw agent, which may feed them to an LLM, leading to the LLM being manipulated. This directly violates the rule regarding flagging prompt injection attempts in untrusted content. Implement robust sanitization or escaping of all untrusted content (e.g., 'title', 'snippet', 'url', 'context') before embedding it into markdown strings that will be processed by an LLM or rendered in a user interface. This could involve using a markdown-aware sanitization library or explicitly escaping markdown control characters. For LLM consumption, consider passing raw text and instructing the LLM to summarize, rather than pre-formatted markdown. | LLM | scripts/process_alerts.py, scripts/digest.py:39 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'search_topic'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/robbyczgw-cla/topic-monitor/scripts/monitor.py:72 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'set_crontab'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/robbyczgw-cla/topic-monitor/scripts/setup_cron.py:39 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_current_crontab'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/robbyczgw-cla/topic-monitor/scripts/setup_cron.py:27 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/robbyczgw-cla/topic-monitor/scripts/monitor.py:203 | |
| MEDIUM | Unpinned npm dependency version Dependency 'python' is not pinned to an exact version ('>=3.8'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/robbyczgw-cla/topic-monitor/package.json | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/robbyczgw-cla/topic-monitor/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/41f360d3bed4619c)
Powered by SkillShield