Trust Assessment
zepto received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 3 critical, 0 high, 4 medium, and 1 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings8
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bewithgaurav/zepto/zepto-agent.js:16 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bewithgaurav/zepto/zepto-ops.js:16 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bewithgaurav/zepto/zepto-ops.js:37 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/bewithgaurav/zepto/zepto-ops.js:66 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/bewithgaurav/zepto/zepto-ops.js:135 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/bewithgaurav/zepto/zepto-parser.js:65 | |
| MEDIUM | Potential Client-Side Injection (XSS) via User Input in Browser 'type' Command The skill instructs the AI to use the 'browser act' command with 'kind: "type"' to input user-provided data (such as phone numbers and OTPs) directly into web forms. For example, `text:"{phone}"` and `text:"{otp}"`. If the underlying 'openclaw' browser automation tool does not sufficiently sanitize or escape the 'text' argument before injecting it into the browser's Document Object Model (DOM), a malicious user could potentially inject JavaScript code. This could lead to client-side script execution (Cross-Site Scripting or XSS) in the user's browser context, allowing an attacker to manipulate the webpage or steal session data. Ensure that all user-provided input passed to `browser act` with `kind: 'type'` is thoroughly sanitized and escaped to prevent client-side script injection. The `openclaw` tool should ideally handle this automatically. If not, the skill should implement explicit sanitization of user inputs (like phone numbers and OTPs) before passing them as the `text` argument to the browser automation command. | LLM | SKILL.md:196 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/bewithgaurav/zepto/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/afc2f5690222d0a9)
Powered by SkillShield