Security Audit

tracks

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

tracks received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Untrusted content instructs LLM to perform external actions.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/swairshah/usdc/tracks/SKILL.md:1
MEDIUM	Untrusted content instructs LLM to perform external actions The `SKILL.md` file, designated as untrusted input, contains explicit instructions for the host LLM to perform actions such as fetching URLs and checking file contents. While these instructions are part of a verification process and include some guardrails (e.g., 'Only fetch HTTPS URLs from public domains'), any direct command to the LLM from untrusted content constitutes a prompt injection risk. This could potentially be exploited if the underlying execution environment for these actions has vulnerabilities (e.g., Server-Side Request Forgery in URL fetching, path traversal in file checks), or if the LLM's interpretation of these commands leads to unintended behavior. Move instructions for agent actions (like fetching URLs or file system checks) out of the untrusted `SKILL.md` content and into the skill's trusted code or configuration. The `SKILL.md` should primarily be descriptive documentation, not executable commands for the agent. If verification logic is required, it should be implemented in the skill's trusted code, which then uses parameters from the `SKILL.md` (e.g., the URL to check) rather than interpreting commands directly from it.	LLM	SKILL.md:70

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/cacb936569c3b7aa.svg)](https://skillshield.io/report/cacb936569c3b7aa)