Security Audit
sundial-org/awesome-openclaw-skills:skills/adversarial-prompting
github.com/sundial-org/awesome-openclaw-skills
Trust Assessment
sundial-org/awesome-openclaw-skills:skills/adversarial-prompting received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The key finding is "Untrusted skill instructs LLM to execute local script".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Untrusted skill instructs LLM to execute local script. The `SKILL.md` file, which is treated as untrusted content, contains an explicit instruction for the host LLM to execute a local Python script (`scripts/export_analysis.py`). This is a prompt injection attempt, as it directs the LLM to perform an action beyond its primary task of generating text, potentially leading to command execution in the host environment. Instructions to execute local system commands or scripts should originate from trusted configurations, not from untrusted skill descriptions. Remove or rephrase the instruction to execute local scripts within the untrusted `SKILL.md`. If script execution is intended functionality, it should be explicitly defined in a trusted manifest or configuration, not embedded as an instruction within the untrusted skill description. The LLM's execution environment should also strictly control and sanitize any arguments passed to such scripts. | LLM | SKILL.md:87 |