{ "trust": { "tier": "Dangerous", "emoji": "🔴", "description": "Multiple critical issues — do not install without thorough manual review", "score": 20 }, "format": "skill", "skill": { "name": "eve-esi", "description": null, "version": null, "slug": "eve-esi" }, "scores": { "security": 0, "transparency": 2, "maintenance": 7, "overall": 2 }, "permissions": { "summary": "No declared permissions — minimal attack surface.", "environmentVariables": [], "binaries": [], "envVarCount": 0, "requiredBinCount": 0 }, "compoundThreats": [ { "id": "data_exfiltration", "severity": "critical", "description": "Reads local files AND sends data to external servers — potential data exfiltration", "capabilities": [ "file_read", "network_out" ], "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03" ] }, { "id": "credential_theft", "severity": "high", "description": "Accesses credentials AND sends data externally — potential credential theft", "capabilities": [ "credential_access", "network_out" ], "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ] } ], "permissionIntegrity": [ { "type": "undeclared_capability", "severity": "high", "description": "Makes network requests but does not declare curl/wget in required binaries", "declared": [], "actual": "network_out", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "undeclared_capability", "severity": "medium", "description": "Performs file operations but does not declare file-accessing binaries", "actual": "file_read", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] }, { "type": "undeclared_capability", "severity": "high", "description": "Code accesses API keys/tokens but declares no environment variables", "actual": "credential_access", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ] } ], "capabilities": [ "network_in", "network_out", "credential_access", "file_read" ], "findings": [ { "severity": "medium", "category": "exfiltration", "description": "References webhook/callback URL", "zone": "code", "zoneContext": "instruction", "file": "references/authentication.md", "downgraded": false, "sample": "CALLBACK_URL", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe-to-python pattern — remote code execution risk", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "curl -s \"https://esi.evetech.net/latest/characters/2114794365/\" | python", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "shell_injection", "description": "Pipe to python — executes piped content as Python code", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "| python", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "credentials", "description": "Possible hardcoded credential", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "TOKEN=\"", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "medium", "category": "credentials", "description": "Python os.environ.get — reads environment variable", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "os.environ.get(", "owasp": [ "LLM02" ], "owaspAsi": [ "ASI03" ], "confidence": "pattern" }, { "severity": "low", "category": "filesystem", "description": "Python pathlib file read", "zone": "code", "zoneContext": "instruction", "file": "SKILL.md", "downgraded": false, "sample": "pathlib.Path(os.environ.get('OPENCLAW_STATE_DIR', os.path.expanduser('~/.opencla", "owasp": [ "LLM06" ], "owaspAsi": [ "ASI02" ], "confidence": "pattern" }, { "severity": "medium", "category": "network", "description": "HTTP request to bare IP address — common in malicious payloads", "zone": "prose", "zoneContext": "documentation", "file": "README.md", "downgraded": true, "sample": "http://127.0.0.1", "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03", "ASI07" ], "confidence": "pattern" }, { "severity": "high", "category": "shell_injection", "description": "References sudo — requests elevated privileges", "zone": "code", "zoneContext": "instruction", "file": "README.md", "downgraded": false, "sample": "sudo", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "medium", "category": "agent_manipulation", "description": "pip3 install — installs Python packages at runtime", "zone": "code", "zoneContext": "instruction", "file": "README.md", "downgraded": false, "sample": "pip3 install", "owasp": [ "LLM01", "LLM03", "LLM06" ], "owaspAsi": [ "ASI01", "ASI04", "ASI06" ], "confidence": "pattern" }, { "severity": "low", "category": "network", "description": "Python urllib.request — network access", "zone": "prose", "zoneContext": "documentation", "file": "scripts/auth_flow.py", "downgraded": true, "sample": "urllib.request", "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03", "ASI07" ], "confidence": "pattern" }, { "severity": "low", "category": "code_execution", "description": "Python threading.Timer — deferred execution", "zone": "prose", "zoneContext": "documentation", "file": "scripts/auth_flow.py", "downgraded": true, "sample": "threading.Timer(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "low", "category": "network", "description": "Popular HTTP library — network access", "zone": "prose", "zoneContext": "documentation", "file": "scripts/validate_config.py", "downgraded": true, "sample": "got", "owasp": [ "LLM02", "LLM06" ], "owaspAsi": [ "ASI03", "ASI07" ], "confidence": "pattern" }, { "severity": "low", "category": "code_execution", "description": "importlib.import_module — dynamic module loading", "zone": "prose", "zoneContext": "documentation", "file": "tests/test_regressions.py", "downgraded": true, "sample": "importlib.import_module(", "owasp": [ "LLM05", "LLM06" ], "owaspAsi": [ "ASI02", "ASI05" ], "confidence": "pattern" }, { "severity": "critical", "category": "threat_intelligence", "description": "URL flagged by 7/91 VirusTotal engines: https://openclaw.ai", "zone": "code", "zoneContext": "instruction", "file": null, "downgraded": false, "sample": "https://openclaw.ai", "owasp": [ "LLM03" ], "owaspAsi": [ "ASI04" ], "confidence": "external" } ], "summary": { "total": 14, "critical": 4, "high": 1, "medium": 4, "low": 5, "compoundThreats": 2, "integrityIssues": 3 }, "trustSignals": { "positive": [ { "signal": "documented", "positive": true, "detail": "SKILL.md has substantial documentation" } ], "negative": [ { "signal": "versioned", "positive": false, "detail": "No version declared" }, { "signal": "described", "positive": false, "detail": "Missing or minimal description" }, { "signal": "undeclared_env", "positive": false, "detail": "Uses credentials in code but declares no env vars" }, { "signal": "complex_structure", "positive": false, "detail": "14 files — larger attack surface" } ] }, "files": { "hasExecutableCode": true, "executableFiles": [ "scripts/auth_flow.py", "scripts/esi_query.py", "scripts/get_token.py", "scripts/token_store.py", "scripts/validate_config.py", "tests/test_regressions.py" ], "totalFiles": 14 }, "humanSummary": "eve-esi scores 20/100 (Dangerous). It declares no permissions. Reads local files AND sends data to external servers — potential data exfiltration. 3 undeclared capabilities detected — the skill does more than its permissions suggest. 3 critical pattern matches in code.", "auditedAt": "2026-04-23T03:42:52.110Z", "vtEnrichment": { "checked": 3, "flagged": 1, "urls": [ { "url": "http://json-schema.org/draft-07/schema#", "malicious": 0, "suspicious": 0, "engines": 91, "cached": true }, { "url": "https://openclaw.ai", "malicious": 7, "suspicious": 2, "engines": 91, "cached": false }, { "url": "https://developers.eveonline.com/api-explorer", "malicious": 0, "suspicious": 0, "engines": 95, "cached": true } ] } }