ggshield-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the ggshield and git binaries via subprocess.run in ggshield_skill.py. It passes arguments as a list and does not set shell=True, so no shell is involved and shell command injection is not possible through these calls.
  • [EXTERNAL_DOWNLOADS]: The documentation includes a setup command that downloads a script from https://molt.bot/install.sh. This is a legitimate part of the Moltbot platform installation process; the skill code itself never triggers or executes that download.
  • [REMOTE_CODE_EXECUTION]: The automated scanner detected a piped-to-bash pattern, but it appears only in the documentation as an installation example for the platform. It is not part of the skill's operational logic and does not constitute a vulnerability there.
  • [CREDENTIALS_UNSAFE]: The skill reads the required GITGUARDIAN_API_KEY from an environment variable and passes it to the CLI tool; no credentials are hardcoded, in line with best practice.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:25 AM