Security Audit

airc

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

airc received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via unescaped arguments in skill invocation, Skill facilitates sending arbitrary data to external IRC servers.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

2 findings

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via unescaped arguments in skill invocation The skill exposes a command-line interface (`node {baseDir}/irc.js ...`) where user-controlled input (e.g., the `--message` argument) is passed to a shell command. If the agent runtime executes this command without properly escaping shell metacharacters in the user-provided arguments, an attacker could inject arbitrary shell commands. For example, if the LLM is instructed to send a message like `'; rm -rf /'`, and the agent runtime executes this in a shell, the `; rm -rf /` part could be executed, leading to arbitrary code execution on the host system. The agent runtime should ensure all user-controlled arguments passed to skill commands are properly escaped for the shell environment before execution. Alternatively, skills should provide programmatic APIs instead of relying solely on command-line interfaces for sensitive operations.	LLM	SKILL.md:14
MEDIUM	Skill facilitates sending arbitrary data to external IRC servers The `airc` skill is designed to connect to IRC servers and send messages, including private messages. If the host LLM is manipulated or instructed to send sensitive user data, files, or environment variables via the `send` command, this skill would facilitate the exfiltration of that data to an external, potentially untrusted, IRC server. Additionally, the skill writes all incoming messages to `{baseDir}/messages.jsonl`, which could store sensitive information if the agent is operating in a sensitive IRC channel. Implement strict input validation and content filtering for messages sent via the IRC skill. Ensure the LLM is not prompted to send sensitive information. Consider data loss prevention (DLP) policies for outgoing communications and secure storage/rotation policies for `messages.jsonl`.	LLM	SKILL.md:17

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/faee371f8436ee6a.svg)](https://skillshield.io/report/faee371f8436ee6a)