Trust Assessment
asana received a trust score of 42/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Sensitive path access: AI agent config" and "Command Injection via unsanitized chat input to shell arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized chat input to shell arguments. The `scripts/asana_chat.mjs` helper script processes user input provided via the `--text` flag. For explicit commands (e.g., `/asana ...`), it directly splits the user-provided string by spaces to form an `args` array. This array is intended to be used as command-line arguments for `scripts/asana_api.mjs`. If the LLM or its wrapper executes `asana_api.mjs` by concatenating these arguments into a single shell command string (e.g., `node scripts/asana_api.mjs <cmd> <arg1> <arg2>...`), any shell metacharacters (such as `;`, `|`, `&`, `$(...)`) present in the user's input will be interpreted by the shell, leading to a critical command injection vulnerability. An attacker could craft malicious input to execute arbitrary shell commands on the host system. The component responsible for executing the `asana_api.mjs` command should use a safe execution method (e.g., `child_process.spawn` in Node.js, or equivalent in other languages) where arguments are passed as a distinct array, preventing shell interpretation. Alternatively, the `asana_chat.mjs` script should sanitize or escape any shell metacharacters in the `args` array before outputting it, or the LLM/wrapper should perform this sanitization before execution. | LLM | scripts/asana_chat.mjs:49 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/k0nkupa/asana/SKILL.md:28 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/k0nkupa/asana/SKILL.md:48 |
Full report: https://skillshield.io/report/b57ad328d89577cd