Security Audit
sundial-org/awesome-openclaw-skills:skills/accli
github.com/sundial-org/awesome-openclaw-skills
Trust Assessment
sundial-org/awesome-openclaw-skills:skills/accli received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding (0 critical, 1 high, 0 medium, 0 low): an unpinned npm dependency in the installation instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned npm dependency in installation instructions | Static | SKILL.md:7 |

The installation command `npm install -g @joargp/accli` does not specify a version for the `@joargp/accli` package, so every run fetches whatever version is currently published under the `latest` dist-tag. This is a supply-chain risk: a future malicious or buggy release of the package would be installed automatically, potentially compromising the host or changing the skill's behaviour. It also makes the install non-deterministic, since two users following the same instructions on different days can end up with different code.

Remediation: pin the dependency to a specific, known-good version, for example `npm install -g @joargp/accli@1.2.3` (replace `1.2.3` with the reviewed version). Review and update the pinned version on a schedule so that security fixes and new features are taken in deliberately rather than on whatever day the package happens to be reinstalled.
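The check behind this finding is easy to reproduce locally, and a scanner for it has one edge case worth getting right: a scoped package such as `@joargp/accli` starts with `@`, so "does the token contain an `@`" is not a pinning test. The script below is an added example written for this page, not SkillShield's scanner and not part of the accli project. It scans Markdown or shell text for `npm install` / `npm i` / `npm add` commands, separates the package name from any `@version` suffix, and reports everything that is not pinned to an exact SemVer version; `@latest` and range specs such as `@^1.0.0` are reported too, because they resolve at install time just like a bare name. The sample SKILL.md text is constructed for the demonstration; only the `npm install -g @joargp/accli` line mirrors the flagged command, and `1.2.3` is the placeholder version from the remediation above, not a real release.

```python
import re

# npm install verb plus everything after it; covers the aliases install, i and add.
NPM_INSTALL_RE = re.compile(r"\bnpm\s+(?:install|i|add)\b(.*)")

# One package token: optional @scope/ prefix, the name, optional @<version-or-tag>.
# The leading "@" of a scoped name is not a version separator, which is the edge case
# a naive "contains '@'" check gets wrong for packages like @joargp/accli.
PKG_SPEC_RE = re.compile(r"^(?P<name>(?:@[\w.-]+/)?[\w.-]+)(?:@(?P<spec>\S+))?$")

# Exact SemVer version with optional prerelease/build suffix, e.g. 1.2.3 or 1.2.3-beta.1.
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][\w.-]+)?$")


def classify_spec(spec):
    """Classify what follows '@' in a package spec.

    'pinned'   : exact version (1.2.3)         -> deterministic install
    'range'    : ^1.2.3, ~1.2, >=1, 1.x, 1.2   -> newest match at install time
    'tag'      : latest, next, beta, ...       -> dist-tag, moves when the maintainer moves it
    'unpinned' : no spec at all                -> identical to the 'latest' dist-tag
    """
    if spec is None:
        return "unpinned"
    if EXACT_VERSION_RE.match(spec):
        return "pinned"
    if spec[0] in "^~><=*0123456789":
        return "range"
    return "tag"


def find_unpinned_npm_installs(text):
    """Return [(line_number, package_name, classification)] for every npm-installed
    package in `text` that is not pinned to an exact version."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        # Each shell command on the line is inspected separately.
        for segment in re.split(r"&&|\|\||;", line):
            m = NPM_INSTALL_RE.search(segment)
            if not m:
                continue
            for token in m.group(1).split():
                closes_code = token.endswith("`")  # end of an inline-code span in prose
                token = token.strip("`'\"")
                if token and not token.startswith("-"):  # skip flags such as -g, --save-dev
                    pm = PKG_SPEC_RE.match(token)
                    if pm:
                        kind = classify_spec(pm.group("spec"))
                        if kind != "pinned":
                            findings.append((line_no, pm.group("name"), kind))
                if closes_code:
                    break  # whatever follows the closing backtick is prose, not arguments
    return findings


def pinned_command(package, version):
    """The remediation the report recommends: the same install, pinned to an exact version."""
    return f"npm install -g {package}@{version}"


# Constructed sample SKILL.md content (not the real file). Line 3 mirrors the flagged
# command; the other install lines exercise the spec kinds the check distinguishes.
SAMPLE_SKILL_MD = """\
# accli

Run `npm install -g @joargp/accli` to get started.

npm install -g @joargp/accli@latest
npm i -g @joargp/accli@^1.0.0 && npm install -g @joargp/accli@1.2.3
"""

if __name__ == "__main__":
    for line_no, package, kind in find_unpinned_npm_installs(SAMPLE_SKILL_MD):
        print(f"SKILL.md:{line_no}: {package} is {kind}; "
              f"pin it, e.g. {pinned_command(package, '1.2.3')}")
```

Two caveats when applying this. Pinning removes the "next release is automatically installed" exposure but says nothing about the pinned release itself, which still has to be reviewed before it is recommended to users. And because a global `npm install -g` is not governed by a project lockfile, the exact version in the install command is the only thing anchoring what users receive, so a dist-tag such as `@latest` or a caret range gives no more determinism than the bare name the report flagged.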
Full report: https://skillshield.io/report/cdc4c4f1d17f0030