Trust Assessment
godot-plugin received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Potential Prompt Injection via Tool Output, Broad Control Over Godot Editor Functionality.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 1, 2026 (commit 6d7065bc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | scripts/install-extension.sh:10 | |
| MEDIUM | Potential Prompt Injection via Tool Output The `godot_execute` tool's handler in `extension/index.ts` retrieves results from the Godot editor via the `/godot/result` HTTP endpoint and returns them directly to the LLM. If a compromised or malicious Godot editor instance returns a string containing prompt injection instructions (e.g., 'IGNORE ALL PREVIOUS INSTRUCTIONS'), the LLM might interpret and follow these instructions, leading to unintended behavior or data manipulation. Implement output sanitization or a strict schema validation for tool results before returning them to the LLM. If possible, configure the LLM to treat tool outputs as data rather than instructions. The `SKILL.md` recommendation to use `disableModelInvocation: true` for sensitive operations can help mitigate the impact by requiring explicit user confirmation for tool calls. | LLM | extension/index.ts:239 | |
| LOW | Broad Control Over Godot Editor Functionality The `godot-plugin` skill provides extensive control over the Godot editor, including capabilities such as reading script files (`script.read`), deleting nodes (`node.delete`), modifying node properties (`node.setProperty`), and simulating user input (`input.keyPress`, `input.mouseClick`). While this is the intended functionality of the skill, it grants the AI agent significant power within the Godot environment. A malicious or misconfigured agent could potentially corrupt project files, expose game logic, or interfere with development workflows. The `SKILL.md` already recommends setting `disableModelInvocation: true` when publishing to ClawHub for sensitive operations. Users should carefully consider this setting to ensure that the AI agent's actions are always explicitly authorized, especially when using powerful tools like `node.delete` or `script.read`. | Static | SKILL.md:40 |
Scan History
Embed Code
[](https://skillshield.io/report/1aeafd29d00d5a9e)
Powered by SkillShield