Security Audit

openguardrails/openguardrails:moltguard/clawhub-skill

github.com/openguardrails/openguardrails

AI SkillCommit d0751cb931cf

TRUSTED

Scanned 15 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

openguardrails/openguardrails:moltguard/clawhub-skill received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Local Script Execution Capability.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on March 22, 2026 (commit d0751cb9). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

93%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Security Findings1

Severity	Finding	Layer	Location
MEDIUM	Local Script Execution Capability The skill instructs the agent to execute local Node.js scripts (`.mjs` files) for various functionalities such as enterprise enrollment, unenrollment, and uninstallation. These commands (`node ~/.openclaw/extensions/moltguard/scripts/enterprise-enroll.mjs`, `node ~/.openclaw/extensions/moltguard/scripts/enterprise-unenroll.mjs`, `node ~/.openclaw/extensions/moltguard/scripts/uninstall.mjs`) represent direct shell execution. While these are intended functions of the skill, the ability to execute arbitrary local scripts grants significant power. If these scripts contain vulnerabilities (e.g., insecure handling of arguments, or if the scripts themselves are malicious), they could lead to arbitrary code execution or system compromise. The content of these scripts is not provided, so their specific security posture cannot be fully assessed. Review the source code of `enterprise-enroll.mjs`, `enterprise-unenroll.mjs`, and `uninstall.mjs` to ensure they are secure, handle inputs safely, and do not perform any unintended actions. Implement robust input validation and sanitization within these scripts, especially for arguments like URLs. Ensure that the skill's execution environment restricts script capabilities if possible, or that the scripts are sandboxed to limit potential impact.	LLM	SKILL.md:69

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5d602abb30c64f6d.svg)](https://skillshield.io/report/5d602abb30c64f6d)