Trust Report

security-audit

Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.

REJECTED

Format: openclawScanner: v0.8.0Duration: 16msScanned: 7d ago · May 31, 5:48 AMSource →

Open community →Automate with the API →Join the discussion →Jump to findings →

Embed this badge

[![AgentVerus](https://agentverus.ai/api/v1/skill/1cbf3f4b-ea5d-43d1-b7ab-d456660b9cc4/badge)](https://agentverus.ai/skill/1cbf3f4b-ea5d-43d1-b7ab-d456660b9cc4)

Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →

https://agentverus.ai/api/v1/skill/1cbf3f4b-ea5d-43d1-b7ab-d456660b9cc4/trust

Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction

curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"1cbf3f4b-ea5d-43d1-b7ab-d456660b9cc4","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'

Fetch trust JSON

curl https://agentverus.ai/api/v1/skill/1cbf3f4b-ea5d-43d1-b7ab-d456660b9cc4/trust

Category Scores

Permissions

Injection

Dependencies

Behavioral

Content

Code Safety

Findings (11)

criticalShell command execution via child_process-25

Direct shell execution (exec/spawn) detected. Skills should not execute arbitrary shell commands — this enables command injection, privilege escalation, and lateral movement.

→ Review the code block starting at line 198. Ensure this pattern is necessary and does not pose a security risk.

code-safetyASST-03

criticalDynamic code execution (eval / new Function)-25

eval() or new Function() detected. These execute arbitrary strings as code at runtime, enabling injection attacks and obfuscated payload delivery.

grep -rn "eval(\|new Function(\|setTimeout.*string\|setInterval.*string" \

→ Review the code block starting at line 231. Ensure this pattern is necessary and does not pose a security risk.

code-safetyASST-10

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: eval(

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred package bootstrap is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx to

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCredential access detected (inside code block)-8

Found credential access pattern: "read -r line; do warn "Hardcoded password"

while read -r line; do warn "Hardcoded password: $line"; done

→ Remove references to credentials and secrets. Skills should never access sensitive authentication data.

injectionASST-05

mediumPackage-managed project bootstrap dependency-8

The skill bootstraps a package-managed project structure, which adds supply-chain exposure through manifest files, build configuration, and package-manager workflows.

package.json

→ Review which external services or providers the skill depends on, what data crosses that boundary, and whether the dependency is necessary for the intended workflow.

dependenciesASST-04

mediumHigh-risk workflow lacks explicit safety boundaries-15

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

→ Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09

mediumEnvironment secret piping detected-5

Found environment secret piping pattern: "echo "$STAGED_FILES" |" Related auth/profile context: - overlapping signals from the same auth risk family — Environment secret piping detected

matches=$(echo "$STAGED_FILES" | xargs grep -Pn "$pattern" 2>/dev/null)

→ Treat shell pipelines that pass secrets from environment variables as sensitive credential handling. Avoid exposing secret values to command histories or subprocess pipelines unless absolutely necessary.

behavioralASST-05

mediumPackage bootstrap execution detected (inside code block)-5

Found package bootstrap execution pattern: "npx to"

# Alternative: use npx to scan without installing

→ Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04

lowUnknown external reference (threat documentation)

The skill references an unknown external domain which is classified as low risk.

https://aquasecurity.github.io/trivy

→ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04

infoError handling instructions present

The skill includes error handling instructions for graceful failure.

Error handling patterns detected

→ Keep these error handling instructions.

contentASST-09