Security Audit

alephnet-node

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

alephnet-node received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 60 findings: 22 critical, 10 high, 25 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Network egress to untrusted endpoints, Arbitrary command execution.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

Static Code Analysis

93%

Dependency Graph

93%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Network Access

5 findings

Filesystem Write

11 findings

Shell Execution

52 findings

Dynamic Code

33 findings

Security Findings60

Severity	Finding	Layer	Location
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:471
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:552
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:555
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:567
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:575
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:584
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:593
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:605
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:639
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:658
CRITICAL	Persistence / self-modification instructions Shell RC file modification for persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles.	Manifest	skills/sschepis/alephnet-node/lib/profiles.js:659
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/sschepis/alephnet-node/lib/app/args.js:17
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/sschepis/alephnet-node/lib/app/args.js:177
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/sschepis/alephnet-node/lib/app/args.js:260
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/sschepis/alephnet-node/lib/app/args.js:261
CRITICAL	Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/senses/git.js:12
CRITICAL	Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/speech.js:8
CRITICAL	Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/tools.js:11
CRITICAL	Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/vertex-ai.js:21
CRITICAL	Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/senses/git.js:27
CRITICAL	Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/tools.js:1135
CRITICAL	Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands.	Manifest	skills/sschepis/alephnet-node/lib/tools.js:1148
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/agent.js:4
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/agent.js:1009
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/app/server/agent-routes.js:4
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/app/shared.js:5
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/content-store.js:4
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/markdown.js:332
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/markdown.js:344
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/network.js:1077
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/sria/agent-manager.js:4
HIGH	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/tools.js:4
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/actions/semantic.js:240
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/app/args.js:158
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/app/server/network-sync.js:166
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/collective.js:493
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/collective.js:496
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/concepts.js:337
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/concepts.js:350
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/enochian.js:706
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/hqe.js:74
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/memory-broker.js:4
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/quantum/genesis.js:39
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/quantum/prime-formalism.js:3
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/routing.js:5
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/secure-config.js:640
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/senses/chrono.js:4
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/sentient-memory.js:1186
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/specialization.js:6
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/speech.js:4
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/tools/file-editor/index.js:2
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/tools.js:1539
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/wallet.js:8
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/webrtc/index.js:4
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/sschepis/alephnet-node/lib/webrtc/peer.js:4
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/sschepis/alephnet-node/SKILL.md:1
MEDIUM	Unpinned npm dependency version Dependency '@aleph-ai/tinyaleph' is not pinned to an exact version ('^1.7.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/sschepis/alephnet-node/package.json
INFO	Skill performs financial token transfers The skill includes functionality to manage and transfer tokens (e.g., `wallet.send`, `wallet.receive`, `wallet.stake`, `wallet.unstake`). This involves sensitive financial operations that require careful security review and trust in the skill's implementation. While this is intended functionality, it highlights a high-impact area for potential abuse if not properly secured. Ensure robust access control, input validation, and auditing for all financial transactions. Implement multi-factor authorization for critical operations where applicable. Clearly document the security model for token management.	LLM	lib/coherence/stakes.js:120
INFO	Skill manages cryptographic private keys The skill generates, stores, and uses cryptographic private keys for identity (e.g., `identity.sign`, `identity.save`). This is a highly sensitive operation. Any compromise of the key management system could lead to impersonation or unauthorized actions. While this is core to the skill's identity functionality, it necessitates stringent security measures. Implement strong encryption for stored private keys, secure key generation, and strict access controls. Regularly audit key usage and rotation policies. Ensure private keys are never exposed to untrusted input or external systems.	LLM	lib/identity.js:160
INFO	Skill depends on WebAssembly (WASM) modules The skill loads and utilizes WebAssembly (WASM) modules via `@sschepis/resolang` for performance-critical operations. While WASM provides a sandboxed execution environment, a compromised WASM module could still pose a significant supply chain risk, potentially leading to unexpected behavior or resource abuse. The security of the skill is partially dependent on the integrity of this external dependency. Thoroughly vet all WASM dependencies. Consider using integrity checks (e.g., cryptographic hashes) for local deployments to ensure the loaded module has not been tampered with. Monitor for updates and security advisories for these dependencies.	LLM	lib/resolang.js:27

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d32894fa54567c17.svg)](https://skillshield.io/report/d32894fa54567c17)