Security Audit Report
tg-sticker-emoji-mood Security Audit Report
🔭 Continuously monitored by ClawSecure Watchtower
tg-sticker-emoji-mood is a Other skill for the OpenClaw ecosystem, created by dandysuper. ClawSecure audited this skill through our 3-Layer Audit Protocol covering all 10 OWASP ASI Top 10 categories. This skill received a security score of 85/100, qualifying for ClawSecure Verified status. The audit identified 4 findings across the scan's three security layers.
What does a score of 85 mean?
A security score of 85/100 places this skill in the Safe range. Skills scoring 80 or above qualify for ClawSecure Verified status, indicating they passed our comprehensive audit with minimal or no security concerns. ClawSecure calculates scores using a weighted deduction model: critical findings deduct 20 points, high-severity findings deduct 10, medium-severity 5, and low-severity 2. A perfect score of 100 means no findings were detected across all three audit layers.
✓ You're subscribed to Watchtower alerts for this skill.
🏛️
OWASP ASI Framework Coverage
Categories highlighted were detected in this scan. ClawSecure provides comprehensive coverage across all 10 OWASP ASI Top 10 categories.
🎯Context-Aware Analysis
This skill requests system-level capabilities which are standard for OpenClaw automation skills. Generic scanners often flag these capabilities as suspicious regardless of context. ClawSecure's Context-Aware Intelligence analyzes capabilities in ecosystem context — we differentiate real threats (malicious code, unauthorized data exfiltration, supply chain vulnerabilities, ReDoS patterns) from normal agent functionality. Our 3-Layer Audit Protocol is purpose-built for the OpenClaw ecosystem.
🏛️ Findings are tagged with OWASP ASI (Agentic Security Initiative) Top 10 category references where applicable. ClawSecure provides comprehensive coverage across all 10 OWASP ASI categories. Learn more at owasp.org
Security Recommendations for tg-sticker-emoji-mood
Pin npm dependencies to exact versions
Unpinned dependencies allow supply chain attacks where a compromised package version is automatically pulled into your skill. Use exact version numbers in package.json (e.g., 1.2.3 instead of ^1.2.3) to prevent unauthorized code from entering your dependency tree. ClawSecure's supply chain scanning checks every dependency against known CVE databases.
Add a config.json permissions manifest
A config.json file declares what permissions your OpenClaw skill needs — file system access, network requests, shell execution, and more. Without it, users have no visibility into what your skill can do before installing. Adding a permissions manifest is the single most impactful security improvement for any OpenClaw skill.
Review shell execution permissions
This skill uses shell execution capabilities. While shell access is standard for many useful OpenClaw automations, it's important to validate that commands are constructed from trusted inputs only. Avoid passing user-controlled strings directly to shell commands, and consider restricting execution to a specific set of allowed commands.
Related Other Security Audits
Scanned on March 5, 2026. tg-sticker-emoji-mood is one of 2,890+ agents audited by ClawSecure from the community-curated awesome-openclaw-skills list and the openclaw/skills repository.