Trust Assessment
adr-gen received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Unpinned npm dependency version", "Local 'package.json' content sent to external API", and "Unsanitized user input directly injected into LLM prompt".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Unsanitized user input directly injected into LLM prompt.** The 'input' argument, which comes directly from the user's command line, is concatenated into the 'userContent' string without any sanitization or escaping. This allows an attacker to inject malicious instructions into the LLM prompt, potentially overriding system instructions, extracting sensitive information, or causing unintended behavior. The 'context' derived from 'package.json' is also unsanitized, further increasing the risk. Implement robust input sanitization and escaping for all user-provided data before it is included in the LLM prompt. Consider using a templating engine or a dedicated prompt construction library that handles escaping. Ensure that the LLM's system instructions are robust against adversarial inputs. | LLM | src/index.ts:9 |
| HIGH | **Local 'package.json' content sent to external API.** The skill reads the 'package.json' file from the current working directory ('process.cwd()') and includes its 'name' and 'dependencies' in the prompt sent to the OpenAI API. This constitutes data exfiltration as local file system data is transmitted to a third-party service without explicit user consent or clear indication, potentially revealing sensitive project information. Remove the code that reads 'package.json' and sends its contents to the LLM, or implement explicit user consent and clear disclosure if this functionality is intended. If project context is needed, it should be provided by the user explicitly, not inferred from local files. | LLM | src/index.ts:8 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/adr-gen/package.json |