Security Audit

garrytan/gstack:openclaw/skills/gstack-openclaw-retro

github.com/garrytan/gstack

AI SkillCommit e8893a18b18e

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

garrytan/gstack:openclaw/skills/gstack-openclaw-retro received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via User-Controlled Git Configuration, Potential Command Injection via Unsanitized Time Window Argument.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on April 29, 2026 (commit e8893a18). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

55%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Potential Command Injection via User-Controlled Git Configuration The skill constructs a `git log` command using the output of `git config user.name` directly as the `--author` argument. A malicious user could configure their `user.name` to include shell metacharacters (e.g., `'; rm -rf /'`) which would then be executed when the `git log` command is run, leading to arbitrary command execution. The LLM must sanitize the output of `git config user.name` before using it in a shell command. This can be done by escaping all shell metacharacters or by ensuring the argument is properly quoted. Alternatively, if the `git` command supports it, pass the author name as a separate, non-interpolated argument or via an environment variable.	Static	SKILL.md:63
HIGH	Potential Command Injection via Unsanitized Time Window Argument The skill instructs the LLM to parse user arguments for a time window (e.g., `24h`, `14d`) and use it to construct the `--since` argument for multiple `git log` commands. If the user input for the time window is directly inserted into the shell command without proper sanitization or validation, a malicious user could inject arbitrary shell commands (e.g., `14d; rm -rf /`). While the instructions provide examples of how to format the `--since` argument, they do not explicitly mandate sanitization of the user-provided time window. The LLM must strictly validate and sanitize the user-provided time window argument. It should only accept expected formats (e.g., 'N h', 'N d', or a specific date-time string) and ensure no shell metacharacters are present. The constructed `--since` argument should always be properly quoted to prevent shell injection.	Static	SKILL.md:23

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/8aee9975b8445d42.svg)](https://skillshield.io/report/8aee9975b8445d42)