{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "expanso", "description": "Data processing pipelines for OpenClaw. Deploy skills from the Expanso marketplace to transform, analyze, and process data locally.", "version": null, "slug": "expanso-edge" }, "scores": { "security": 0, "transparency": 7, "maintenance": 7, "overall": 2 }, "permissions": { "summary": "Requires 2 environment variables. (1 sensitive: EXPANSO_EDGE_BOOTSTRAP_TOKEN). Requires 1 system binary. (1 elevated: curl).", "environmentVariables": [ { "name": "EXPANSO_EDGE_BOOTSTRAP_URL", "risk": "medium" }, { "name": "EXPANSO_EDGE_BOOTSTRAP_TOKEN", "risk": "high" } ], "binaries": [ { "name": "curl", "risk": "high" } ], "envVarCount": 2, "requiredBinCount": 1 }, "compoundThreats": [], "permissionIntegrity": [], "capabilities": [ "network_out" ], "findings": [ { "severity": "critical", "category": "shell_injection", "description": "Pipe-to-shell pattern (curl | sh) — supply chain attack vector", "zone": "frontmatter", "zoneContext": "declaration", "file": "SKILL.md", "downgraded": false, "sample": "curl -fsSL https://get.expanso.io/edge/install.sh | bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe to bash — executes piped content as shell commands", "zone": "frontmatter", "zoneContext": "declaration", "file": "SKILL.md", "downgraded": false, "sample": "| bash", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe to sh — executes piped content as shell commands", "zone": "frontmatter", "zoneContext": "declaration", "file": "SKILL.md", "downgraded": false, "sample": "| sh", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "credentials", "description": "Possible hardcoded credential", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "TOKEN=\"your-token-from-cloud", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" } ], "summary": { "total": 4, "critical": 4, "high": 0, "medium": 0, "low": 0, "compoundThreats": 0, "integrityIssues": 0 }, "trustSignals": { "positive": [ { "signal": "described", "positive": true, "detail": "Has meaningful description" }, { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "versioned", "positive": false, "detail": "No version declared" } ] }, "files": { "hasExecutableCode": false, "executableFiles": [], "totalFiles": 3 }, "humanSummary": "expanso scores 20/100 (Dangerous). It requires 2 env vars and 1 binaries. 4 critical pattern matches in code.", "auditedAt": "2026-04-23T03:41:51.670Z", "vtEnrichment": { "checked": 3, "flagged": 0, "urls": [ { "url": "https://cloud.expanso.io", "malicious": 0, "suspicious": 0, "engines": 98, "cached": false }, { "url": "https://get.expanso.io/edge/install.sh", "malicious": 0, "suspicious": 0, "engines": 94, "cached": false }, { "url": "https://get.expanso.io/cli/install.sh", "malicious": 0, "suspicious": 0, "engines": 94, "cached": false } ] } }