Trust Assessment
aliyun-oss-upload received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Arbitrary Local File Upload leading to Data Exfiltration, Unpinned Dependency in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary Local File Upload leading to Data Exfiltration.** The `upload_file` function in `scripts/oss-upload.py` takes a user-controlled `local_path` argument. This allows the skill to read and upload any file accessible by the agent's process to the configured Alibaba Cloud OSS bucket. If an attacker can control the `local_path` argument (e.g., through a malicious prompt), they could exfiltrate sensitive files from the agent's host system. The skill's manifest explicitly states its purpose is to upload local files, making this an inherent capability that requires careful permission management. *Recommendation:* implement strict validation or allow-listing for `local_path` to restrict uploads to specific directories or file types. Alternatively, ensure the agent runs with minimal filesystem permissions, limiting its access to sensitive areas of the host system. Consider using temporary, isolated storage for files intended for upload, rather than direct access to the host filesystem. | LLM | scripts/oss-upload.py:50 |
| LOW | **Unpinned Dependency in Installation Instructions.** The `SKILL.md` recommends installing the `oss2` library using `pip install oss2` without specifying a version. This can lead to non-deterministic builds, potential compatibility issues with future versions, or, in a worst-case scenario, introduce vulnerabilities if a future version of the library is compromised or a typosquatting attack occurs. While `oss2` is an official SDK, pinning dependencies is a best practice for security and stability. *Recommendation:* pin the `oss2` dependency to a specific, known-good version (e.g., `pip install oss2==x.y.z`) to ensure consistent installations and mitigate risks from future changes or compromises. If possible, use a `requirements.txt` file. | LLM | SKILL.md:23 |