Security Audit
sundial-org/awesome-openclaw-skills:skills/activecampaign
github.com/sundial-org/awesome-openclaw-skillsTrust Assessment
sundial-org/awesome-openclaw-skills:skills/activecampaign received a trust score of 63/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unspecified Binary Dependency Source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Unspecified Binary Dependency Source The skill's manifest declares a dependency on an external binary named 'activecampaign' (`requires.bins: ['activecampaign']`). The source, version, and installation method for this binary are not specified within the provided context. This introduces a supply chain risk, as the integrity and security of this binary cannot be verified. A malicious or compromised 'activecampaign' binary could lead to command injection, data exfiltration, or other security breaches when executed by the skill. Specify the exact source (e.g., a specific package manager, GitHub repository, or verified download URL) and version for the `activecampaign` binary. If it's a custom binary, provide its source code for review. Consider using a containerized environment or a verified package manager to ensure the binary's integrity. | Static | SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/5c5ab358bd175821)
Powered by SkillShield