Trust Assessment
aioz-stream-audio-upload received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 13 findings: 9 critical, 4 high, 0 medium, and 0 low severity. Key findings include Command Injection via TITLE parameter in JSON payload, Command Injection via FILE_PATH parameter, Data Exfiltration via arbitrary file upload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via TITLE parameter in JSON payload The `$TITLE` variable is directly interpolated into a JSON string within a `curl -d` argument. An attacker can inject shell commands by crafting a malicious `TITLE` (e.g., `My Title", "type": "audio" }; rm -rf /; #`). This would break the JSON structure and execute arbitrary commands on the host system. Sanitize the `$TITLE` variable to escape any shell metacharacters and JSON special characters. A safer approach is to use `jq` to construct the JSON payload, ensuring proper escaping, e.g., `jq -n --arg title "$TITLE" '{title: $title, type: "audio"}'`. | LLM | scripts/create_audio_default.sh:18 | |
| CRITICAL | Command Injection via TITLE parameter in JSON payload The `$TITLE` variable is directly interpolated into a JSON string within a `curl -d` argument. An attacker can inject shell commands by crafting a malicious `TITLE` (e.g., `My Title", "type": "audio" }; rm -rf /; #`). This would break the JSON structure and execute arbitrary commands on the host system. Sanitize the `$TITLE` variable to escape any shell metacharacters and JSON special characters. A safer approach is to use `jq` to construct the JSON payload, ensuring proper escaping, e.g., `jq -n --arg title "$TITLE" '{title: $title, type: "audio"}'`. | LLM | scripts/upload_audio_file.sh:18 | |
| CRITICAL | Command Injection via FILE_PATH parameter The `$FILE_PATH` variable is used directly as an argument to `stat` and `md5sum` commands. Although quoted, shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`, `` `...` ``) can still lead to command injection if crafted maliciously. For example, `"; rm -rf /"` would execute `rm -rf /`. Strictly validate and sanitize the `$FILE_PATH` variable to ensure it does not contain any shell metacharacters. Consider using `readlink -f` to resolve and validate the path, and ensure it points to an allowed, sandboxed location. If passing to shell commands, use `printf %q` to properly quote the argument. | LLM | scripts/upload_audio_file.sh:34 | |
| CRITICAL | Command Injection via FILE_PATH parameter The `$FILE_PATH` variable is used directly as an argument to `stat` and `md5sum` commands. Although quoted, shell metacharacters (e.g., `;`, `|`, `&`, `$(...)`, `` `...` ``) can still lead to command injection if crafted maliciously. For example, `"; rm -rf /"` would execute `rm -rf /`. Strictly validate and sanitize the `$FILE_PATH` variable to ensure it does not contain any shell metacharacters. Consider using `readlink -f` to resolve and validate the path, and ensure it points to an allowed, sandboxed location. If passing to shell commands, use `printf %q` to properly quote the argument. | LLM | scripts/upload_audio_file.sh:36 | |
| CRITICAL | Data Exfiltration via arbitrary file upload The `$FILE_PATH` argument, if controlled by an attacker, can be set to any arbitrary file on the system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). The `curl -F "file=@$FILE_PATH"` command will then read the content of this arbitrary file and upload it to the AIOZ Stream API, leading to sensitive data exfiltration. Implement strict validation of `$FILE_PATH` to ensure it points only to allowed, non-sensitive locations (e.g., a temporary upload directory, or a user-specific sandbox). Do not allow arbitrary file paths from user input. | LLM | scripts/upload_audio_file.sh:48 | |
| CRITICAL | Command Injection via AUDIO_ID parameter in URL The `$AUDIO_ID` variable is directly interpolated into the URL path within a `curl` command. An attacker can inject shell commands by crafting a malicious `AUDIO_ID` (e.g., `123; rm -rf /; #`). This would execute arbitrary commands on the host system. Strictly validate and sanitize the `$AUDIO_ID` variable to ensure it contains only expected characters (e.g., alphanumeric, UUID format) and no shell metacharacters. If direct shell execution is unavoidable, use `printf %q` to properly quote the argument. | LLM | scripts/get_audio_detail.sh:14 | |
| CRITICAL | Command Injection via AUDIO_ID parameter in URL The `$AUDIO_ID` variable is directly interpolated into the URL path within a `curl` command. An attacker can inject shell commands by crafting a malicious `AUDIO_ID` (e.g., `123; rm -rf /; #`). This would execute arbitrary commands on the host system. Strictly validate and sanitize the `$AUDIO_ID` variable to ensure it contains only expected characters (e.g., alphanumeric, UUID format) and no shell metacharacters. If direct shell execution is unavoidable, use `printf %q` to properly quote the argument. | LLM | scripts/upload_audio_file.sh:44 | |
| CRITICAL | Command Injection via AUDIO_ID parameter in URL The `$AUDIO_ID` variable is directly interpolated into the URL path within a `curl` command. An attacker can inject shell commands by crafting a malicious `AUDIO_ID` (e.g., `123; rm -rf /; #`). This would execute arbitrary commands on the host system. Strictly validate and sanitize the `$AUDIO_ID` variable to ensure it contains only expected characters (e.g., alphanumeric, UUID format) and no shell metacharacters. If direct shell execution is unavoidable, use `printf %q` to properly quote the argument. | LLM | scripts/upload_audio_file.sh:57 | |
| CRITICAL | Command Injection via AUDIO_ID parameter in URL The `$AUDIO_ID` variable is directly interpolated into the URL path within a `curl` command. An attacker can inject shell commands by crafting a malicious `AUDIO_ID` (e.g., `123; rm -rf /; #`). This would execute arbitrary commands on the host system. Strictly validate and sanitize the `$AUDIO_ID` variable to ensure it contains only expected characters (e.g., alphanumeric, UUID format) and no shell metacharacters. If direct shell execution is unavoidable, use `printf %q` to properly quote the argument. | LLM | scripts/upload_audio_file.sh:67 | |
| HIGH | Credential Exposure via Process List Sensitive API keys (`PUBLIC_KEY`, `SECRET_KEY`) are passed as command-line arguments to the shell scripts. On many systems, command-line arguments are visible in the process list (`ps aux`) to other users on the system, which can lead to the exposure of these credentials. Avoid passing sensitive credentials as command-line arguments. Instead, use environment variables, secure input methods (e.g., `read -s`), or a dedicated secret management system. Ensure the host LLM handles these credentials securely. | LLM | scripts/create_audio_custom.sh:4 | |
| HIGH | Credential Exposure via Process List Sensitive API keys (`PUBLIC_KEY`, `SECRET_KEY`) are passed as command-line arguments to the shell scripts. On many systems, command-line arguments are visible in the process list (`ps aux`) to other users on the system, which can lead to the exposure of these credentials. Avoid passing sensitive credentials as command-line arguments. Instead, use environment variables, secure input methods (e.g., `read -s`), or a dedicated secret management system. Ensure the host LLM handles these credentials securely. | LLM | scripts/create_audio_default.sh:4 | |
| HIGH | Credential Exposure via Process List Sensitive API keys (`PUBLIC_KEY`, `SECRET_KEY`) are passed as command-line arguments to the shell scripts. On many systems, command-line arguments are visible in the process list (`ps aux`) to other users on the system, which can lead to the exposure of these credentials. Avoid passing sensitive credentials as command-line arguments. Instead, use environment variables, secure input methods (e.g., `read -s`), or a dedicated secret management system. Ensure the host LLM handles these credentials securely. | LLM | scripts/get_audio_detail.sh:4 | |
| HIGH | Credential Exposure via Process List Sensitive API keys (`PUBLIC_KEY`, `SECRET_KEY`) are passed as command-line arguments to the shell scripts. On many systems, command-line arguments are visible in the process list (`ps aux`) to other users on the system, which can lead to the exposure of these credentials. Avoid passing sensitive credentials as command-line arguments. Instead, use environment variables, secure input methods (e.g., `read -s`), or a dedicated secret management system. Ensure the host LLM handles these credentials securely. | LLM | scripts/upload_audio_file.sh:4 |