Security Audit
sundial-org/awesome-openclaw-skills:skills/agent-zero-bridge
github.com/sundial-org/awesome-openclaw-skillsTrust Assessment
sundial-org/awesome-openclaw-skills:skills/agent-zero-bridge received a trust score of 0/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 9 critical, 4 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Sensitive path access: AI agent config, User input directly embedded in Agent Zero prompt.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings13
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/SKILL.md:34 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/SKILL.md:38 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/scripts/a0_client.js:35 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/scripts/clawdbot_client.js:12 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/scripts/clawdbot_client.js:30 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/scripts/lib/config.js:28 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/scripts/lib/config.js:37 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/agent-zero-bridge/scripts/lib/config.js:38 | |
| CRITICAL | User input directly embedded in Agent Zero prompt The `task_breakdown.js` script constructs a prompt for Agent Zero by directly embedding user-provided task descriptions. An attacker could craft a malicious task description containing instructions that manipulate Agent Zero's behavior, leading to unintended actions, data exposure, or other security breaches within the Agent Zero environment. Implement robust input sanitization or use a structured input method for `taskDescription` to prevent it from being interpreted as instructions by Agent Zero. For example, enclose the user input in XML tags or a specific JSON structure that Agent Zero is programmed to parse, rather than directly concatenating it into the prompt string. | LLM | scripts/task_breakdown.js:40 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/agent-zero-bridge/SKILL.md:24 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/agent-zero-bridge/SKILL.md:27 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/agent-zero-bridge/SKILL.md:56 | |
| HIGH | Arbitrary file read and exfiltration via `--attach` option The `a0_client.js` script allows users to attach files to messages sent to Agent Zero using the `--attach <path>` command-line option. The `a0_api.js` library then reads the content of the specified file using `fs.readFileSync(filePath)` and sends its base64-encoded content to the Agent Zero API. An attacker could specify an arbitrary file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `.env` files) to read sensitive system files and exfiltrate their contents to the Agent Zero service. Restrict the `--attach` functionality to a predefined, secure directory or implement a strict allowlist for file types and locations. Alternatively, use a file selection mechanism that does not expose arbitrary file paths to user input. Ensure that the Agent Zero service itself has appropriate access controls and logging for received attachments. | Static | scripts/lib/a0_api.js:83 |
Scan History
Embed Code
[](https://skillshield.io/report/656bf3f153c14392)
Powered by SkillShield