a11y-checker

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions give examples that run npx ai-a11y, which fetches the latest published version of the ai-a11y package from the public npm registry and executes it. The package is published by a third party (LXGIC Studios) that does not appear to be associated with the skill author (sundial-org), so the provenance of the dependency cannot be verified from the skill itself.
  • [REMOTE_CODE_EXECUTION]: Running an external package through npx executes whatever that package contains (its lifecycle scripts and its CLI) on the host, with the privileges of the user who invokes the skill. Because the invocation pins neither an exact version nor an integrity hash, any newer version the maintainer publishes, including one published from a compromised maintainer account, is fetched and run on the next invocation without notice.
  • [COMMAND_EXECUTION]: The skill's functionality is implemented by executing shell commands, specifically by using npx to invoke CLI tools.
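As an added illustration of the unpinned-npx finding above (example code written for this page, not code from the a11y-checker skill, sundial-org, LXGIC Studios or the Trust Hub), the following Python linter scans skill instruction text for npx and npm exec invocations, reports whether each one pins an exact version, and shows the integrity check a pinned version should be paired with: npm records each published tarball's dist.integrity as a sha512 Subresource Integrity string, which can be compared against the bytes actually downloaded. The SAMPLE text, the scoped package @scope/tool and the version 1.4.2 are constructed for the example and are not real skill content.

```python
"""Flag unpinned `npx` / `npm exec` invocations in agent-skill instruction text.

Added example for the audit finding; not code from the a11y-checker skill.
Package names, versions and SAMPLE below are constructed for illustration.
"""
import base64
import hashlib
import re

# An exact version (1.2.3, optionally with a prerelease suffix). Anything else
# (`latest`, `^2`, `~1.4`, `>=1`) is a range or dist-tag resolved at run time.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")
# `name` or `@scope/name`, optionally followed by `@<spec>`.
PKG_SPEC = re.compile(
    r"^(?P<name>(?:@[a-z0-9][\w.-]*/)?[a-z0-9][\w.-]*)(?:@(?P<spec>\S+))?$"
)
SHELL_SEPARATORS = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")


def _split_spec(token):
    m = PKG_SPEC.match(token)
    return (m.group("name"), m.group("spec")) if m else None


def _package_from_args(args):
    """Return (name, spec) for the package an npx/npm-exec argv will fetch."""
    i = 0
    while i < len(args):
        tok = args[i]
        if tok in ("-p", "--package") and i + 1 < len(args):
            return _split_spec(args[i + 1])
        if tok.startswith("--package="):
            return _split_spec(tok[len("--package="):])
        if tok == "--" or tok.startswith("-"):   # -y, --yes, --no-install, ...
            i += 1
            continue
        return _split_spec(tok)                  # first positional = package
    return None


def audit_instructions(text):
    """Return one finding per npx / npm exec command found in the text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("`", " ").strip()     # commands are often in backticks
        for cmd in SHELL_SEPARATORS.split(line):
            tokens = cmd.split()
            if "npx" in tokens:
                args = tokens[tokens.index("npx") + 1:]
            elif "npm" in tokens and tokens[tokens.index("npm") + 1:][:1] == ["exec"]:
                args = tokens[tokens.index("npm") + 2:]
            else:
                continue
            parsed = _package_from_args(args)
            if parsed is None:
                continue
            name, spec = parsed
            pinned = spec is not None and EXACT_SEMVER.match(spec) is not None
            findings.append({"line": lineno, "package": name,
                             "spec": spec, "pinned": pinned})
    return findings


def sri_sha512(tarball_bytes):
    """SRI string in the form npm records as dist.integrity for a tarball."""
    digest = hashlib.sha512(tarball_bytes).digest()
    return "sha512-" + base64.b64encode(digest).decode()


def tarball_matches(tarball_bytes, expected_integrity):
    """True when downloaded tarball bytes match the integrity string you pinned."""
    return sri_sha512(tarball_bytes) == expected_integrity


# Constructed sample of skill instructions (not the a11y-checker skill text).
SAMPLE = """\
# constructed sample of skill instructions (not the a11y-checker skill text)
Run the scan: `npx ai-a11y https://example.com`
Pinned form (1.4.2 is a hypothetical version): `npx --yes ai-a11y@1.4.2 https://example.com`
A dist-tag is not a pin: npx ai-a11y@latest --json
Scoped and ranged: npx -p @scope/tool@^2 tool --check && echo done
"""

if __name__ == "__main__":
    for f in audit_instructions(SAMPLE):
        state = "pinned" if f["pinned"] else "UNPINNED"
        print(f'line {f["line"]}: {f["package"]}@{f["spec"]} -> {state}')
    # Constructed bytes stand in for the tarball `npm pack` would download.
    fake_tarball = b"not a real tarball"
    print("integrity ok:", tarball_matches(fake_tarball, sri_sha512(fake_tarball)))
```

Only the line with an exact version counts as pinned; `@latest` and `@^2` are resolved by the registry at run time and carry the same risk as no version at all. A pinned version still trusts the registry, so record the dist.integrity value (npm view <pkg>@<version> dist.integrity) alongside the pin and verify the downloaded tarball against it as tarball_matches does.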
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 12:24 AM