Security Audit

alchemy-pay

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

alchemy-pay received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via unescaped environment variables in shell commands.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
CRITICAL	Command Injection via unescaped environment variables in shell commands The skill uses environment variables `ALCHEMY_PAY_APP_ID` and `ALCHEMY_PAY_SECRET` directly within double-quoted strings in shell commands. Specifically, `ALCHEMY_PAY_APP_ID` is used in HTTP headers (e.g., `-H "appId: ${APP_ID}"`) and both `ALCHEMY_PAY_APP_ID` and `ALCHEMY_PAY_SECRET` are concatenated into `SIGN_STRING` and then passed to `echo -n "${SIGN_STRING}${SECRET}"`. If these environment variables contain shell metacharacters (e.g., double quotes, backticks, semicolons), an attacker could inject arbitrary shell commands. For example, if `ALCHEMY_PAY_APP_ID` or `ALCHEMY_PAY_SECRET` is set to a value like `malicious"; rm -rf /; echo "`, it could lead to arbitrary command execution on the host system. This vulnerability is present in all provided `curl` examples. All variables originating from untrusted sources (like environment variables that can be set by the LLM or user) must be properly escaped before being used in shell commands. For shell variables, `printf %q` can be used to escape them for safe re-insertion into shell commands. Alternatively, rewrite the skill in a language like Python that provides safer ways to interact with APIs and handle secrets without direct shell command interpolation. For HTTP headers, ensure values are strictly validated and sanitized to prevent injection of control characters or quotes.	LLM	SKILL.md:30

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/7a284826e8527b71.svg)](https://skillshield.io/report/7a284826e8527b71)