Trust Assessment
arr-all received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 5 critical, 0 high, 1 medium, and 0 low severity. Key findings include: sensitive environment variable access (`$HOME`); command injection via an unsanitized date argument; and command injection via unsanitized function name execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized date argument: The `DAYS` variable, which is directly taken from user input (`$1`), is used without sanitization in the `date -d "+$DAYS days"` command. An attacker can inject arbitrary shell commands by providing a malicious string for `$DAYS`, leading to command execution. Sanitize or validate the `$DAYS` variable to ensure it contains only numeric values before passing it to the `date` command. Alternatively, use a safer method to calculate dates that does not involve direct shell command interpolation of user input. | LLM | scripts/arr-all-calendar.sh:12 |
| CRITICAL | Command Injection via unsanitized function name execution: The `FUNC` variable is constructed using user-controlled input (`$ACTION`) and then directly executed using `"$FUNC" "$@"`. This allows an attacker to inject arbitrary shell commands by providing a malicious string for `$ACTION` (e.g., `foo; rm -rf /`), leading to arbitrary command execution. Instead of directly executing a dynamically constructed function name, use a `case` statement or a whitelist of allowed actions to dispatch to known, safe functions. Ensure that user input used to construct function names is strictly validated against an allow-list. | LLM | scripts/arr-all.sh:90 |
| CRITICAL | Command Injection via unsanitized URL parameters in Lidarr functions: Multiple Lidarr functions (`lidarr_add`, `lidarr_albums`, `lidarr_monitor_album`) directly interpolate user-supplied IDs (`$foreignArtistId`, `$artistId`, `$albumId`) into `curl` API request URLs without proper URL encoding. An attacker can inject `curl` options or other shell commands by crafting a malicious ID, leading to command execution or data exfiltration. Ensure all user-supplied variables used in URL paths or query parameters are properly URL-encoded before being passed to `api_request`. For example, use `encoded_id=$(echo "$id" | jq -sRr @uri)`. | LLM | scripts/lib/lidarr.sh:70 |
| CRITICAL | Command Injection via unsanitized URL parameters in Radarr functions: Multiple Radarr functions (`radarr_exists`, `radarr_add`, `radarr_remove`, `radarr_add_collection` via `radarr_add`) directly interpolate user-supplied IDs (`$tmdbId`) into `curl` API request URLs without proper URL encoding. An attacker can inject `curl` options or other shell commands by crafting a malicious ID, leading to command execution or data exfiltration. Ensure all user-supplied variables used in URL paths or query parameters are properly URL-encoded before being passed to `api_request`. For example, use `encoded_id=$(echo "$id" | jq -sRr @uri)`. | LLM | scripts/lib/radarr.sh:20 |
| CRITICAL | Command Injection via unsanitized URL parameters in Sonarr functions: Multiple Sonarr functions (`sonarr_exists`, `sonarr_add`, `sonarr_remove`, `sonarr_seasons`, `sonarr_monitor_season`) directly interpolate user-supplied IDs (`$tvdbId`) into `curl` API request URLs without proper URL encoding. An attacker can inject `curl` options or other shell commands by crafting a malicious ID, leading to command execution or data exfiltration. Ensure all user-supplied variables used in URL paths or query parameters are properly URL-encoded before being passed to `api_request`. For example, use `encoded_id=$(echo "$id" | jq -sRr @uri)`. | LLM | scripts/lib/sonarr.sh:19 |
| MEDIUM | Sensitive environment variable access: `$HOME`: Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/rappo/arr-all/scripts/lib/common.sh:31 |
Full report: https://skillshield.io/report/50d52324b2eeaad5