skill-security-check
github.com/clawhub.ai/skill-safety-checker
Scanned Thu, 28 May 2026 16:36:39 GMT
Scan ID crawl-fe1uf40lyp6nhhvow7y3xf1v · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution
4 high-severity findings.
This skill runs unsafe shell commands plus 4 other issues listed below.
0 critical · 4 high · 1 medium · 7 rules passed
Why grade C?
Score · 55 / 100
The current grade reflects 4 high-severity findings (3+ HIGHs → C).
0 CRIT · 4 HIGH · 1 MED · 0 LOW
To reach a higher grade
- Reach B (target score 75): resolve 2 of 4 HIGH (cap is 2).
- Reach A (target score 95): resolve all 4 HIGH.
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Findings · ordered by severity
high · Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
Excerpt from SKILL.md, lines 20-24 (flagged line marked with ←):
- **"The skill wants my OAuth / API keys"** — Credentials are a common attack surface. The check verifies that credential requirements are declared and proportionate, and recommends test accounts and least privilege so users don’t blindly grant access.
- **"Registry and SKILL.md don’t match"** — When the registry listing omits binaries, install steps, or credentials that SKILL.md requires, installs can fail or users get surprised. The skill flags these mismatches so publishers can fix them or users can decide with full context.
- **"Could it run malicious code or steal my data?"** — Explicit RCE and malicious-code checks (curl|sh, eval, obfuscation, exfiltration, secret reads) address the fear that a skill might execute untrusted code or send secrets off-box. Findings here drive a "do not install" or "audit first" recommendation.
  ← curl | shell — common in destructive or supply-chain attacks
- **"I need one process, not ad-hoc judgment"** — A single, documented flow (purpose → registry consistency → scope → RCE → malicious → install → credentials → persistence) ensures consistent evaluations and report format every time.
high · Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
Excerpt from SKILL.md, lines 51-55 (flagged line marked with ←):
### 4. Remote code execution (RCE)

- **Unsafe execution patterns:** Does the skill tell the agent to run code that comes from the network, user input, or another skill without validation? (e.g. `curl … | sh`, `wget … -O - | bash`, `eval "$(…)"`, running a script URL directly.)
  ← curl | shell — common in destructive or supply-chain attacks
- **Piped installs:** Any instruction to pipe remote content into shell/interpreter (curl/wget to bash/python/node) is high risk — treat as suspicious unless the URL is a well-known, integrity-checked official source.
- **Dynamic code:** Instructions to fetch and execute scripts, or to construct and run commands from untrusted or unvalidated strings (e.g. interpolating user/API data into shell commands without sanitization).
high · Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
Excerpt from SKILL.md, lines 89-93 (flagged line marked with ←):
3. **Registry vs SKILL.md:** ✓ Consistent or ⚠ list specific mismatches (binaries, install, credentials).
4. **Instruction scope:** ✓ On-topic or ⚠ red flags (e.g. unexpected file access, endpoints).
5. **Remote code execution (RCE):** ✓ No unsafe patterns or ⚠/🔴 list (e.g. curl|sh, eval of remote input, unvalidated command construction). Any RCE pattern raises confidence of "Suspicious".
   ← curl | shell — common in destructive or supply-chain attacks
6. **Malicious code:** ✓ No signs or ⚠/🔴 list (obfuscation, backdoors, exfiltration, mining, secret reads to remote). Any finding here strongly favors "Suspicious" and may warrant "do not install".
7. **Install mechanism:** ✓ Clear and consistent or ⚠ third-party/undeclared (and recommendation).
high · Dangerous shell pattern: curl | shell
The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.
Excerpt from SKILL.md, lines 131-135 (flagged line marked with ←):
- **Purpose & capability:** Keep your SKILL.md description and instructions aligned; no hidden or off-topic actions.
- **Registry vs SKILL.md:** If the skill is on a registry, declare the same requirements in both places: required binaries, install spec (if any), and credentials (primaryEnv / apiKey / env).
- **No RCE:** Do not instruct the agent to run `curl|sh`, `wget|bash`, eval of remote/user input, or unvalidated command construction; avoid root/sudo for remote or dynamic code.
  ← curl | shell — common in destructive or supply-chain attacks
- **No malicious patterns:** No obfuscation, backdoors, undisclosed exfiltration, mining, or reading secrets and sending to remote. Document any persistence (LaunchAgent, cron) and privilege clearly.
- **Install & credentials:** Document install steps and required credentials; recommend test accounts and least privilege where relevant.
medium · No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
skillox.io/r/crawl-fe1uf40lyp6nhhvow7y3xf1v