Trust Assessment
usage-export received a trust score of 31/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 4 high, 1 medium, and 1 low severity. Key findings include Sensitive path access: AI agent config, Node lockfile missing, Arbitrary file access via environment variables.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bobot-agent/usage-export/SKILL.md:16 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bobot-agent/usage-export/SKILL.md:82 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bobot-agent/usage-export/SKILL.md:100 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/bobot-agent/usage-export/SKILL.md:101 | |
| MEDIUM | Arbitrary file access via environment variables The `scripts/export.py` skill determines its input (`sessions_dir`) and output (`export_dir`) directories based on environment variables `USAGE_EXPORT_SESSIONS` and `USAGE_EXPORT_DIR` respectively. If an attacker can manipulate these environment variables, they could direct the skill to read from arbitrary file paths (e.g., sensitive system files) or write to arbitrary file paths (e.g., overwriting system files, or exfiltrating data to a controlled location). While this is a common configuration pattern, in an AI agent context, it represents a potential vector for privilege escalation or data exfiltration if the agent's execution environment is not sufficiently sandboxed or if untrusted input can influence these environment variables. 1. **Strict Sandboxing**: Ensure the skill runs in a highly restricted environment where it cannot access arbitrary file paths outside its designated data directories. 2. **Input Validation**: If environment variables can be influenced by user input, validate paths to ensure they are within expected, safe directories (e.g., `~/.clawdbot/`). 3. **Principle of Least Privilege**: Limit the skill's filesystem access to only the directories it absolutely needs. 4. **Configuration Management**: Prefer configuration mechanisms that are less susceptible to external manipulation than environment variables, or ensure environment variables are set by a trusted source only. | LLM | scripts/export.py:170 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/bobot-agent/usage-export/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/912371f5bed671ca)
Powered by SkillShield