Trust Assessment
bad-ball-14 received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Unsanitized user input leads to command injection, User questions logged to sensitive `/root` directory.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized user input leads to command injection The user's question is directly interpolated into a shell command (`python3 badball14.py "{question}"`) without any sanitization or escaping. This allows an attacker to inject arbitrary shell commands by crafting a malicious question, leading to remote code execution. Implement robust input sanitization and escaping for the `{question}` variable before it is used in a shell command. Ideally, pass the question as an argument to the Python script directly without shell interpolation, or use a safer execution method that doesn't involve shell parsing of user input (e.g., `subprocess.run` with `shell=False` and arguments as a list). | LLM | SKILL.md:14 | |
| HIGH | User questions logged to sensitive `/root` directory The skill logs all user questions and responses to a JSON file (`badball14-last.json`) located in `/root/.openclaw/workspace/`. Storing user input in a system-level directory like `/root` can expose potentially sensitive information if the directory is not adequately protected or if an attacker gains access to the system, facilitating data exfiltration. Store log files in a less privileged, dedicated application data directory (e.g., `/var/log/openclaw/badball14/` or a user-specific directory) that is appropriately permissioned. Re-evaluate the necessity of logging all user questions, especially if they could contain sensitive data. | LLM | scripts/badball14.py:37 | |
| HIGH | Skill executes commands with potentially excessive privileges The skill uses `exec` to run shell commands, including a setup script and the main Python script. This implies the skill operates with the full permissions of the execution environment, which, combined with the command injection vulnerability, allows an attacker to execute arbitrary commands with these elevated privileges. The logging to `/root` further indicates a high privilege context. Implement a principle of least privilege. Run skills in a sandboxed environment with minimal necessary permissions. Avoid direct `exec` calls with user-controlled input. If shell execution is unavoidable, ensure strict input validation and escaping, or use safer alternatives like `subprocess.run` with `shell=False`. | LLM | SKILL.md:9 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/cyberengage/bad-ball-14/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/8f1cf11034a1f00b)
Powered by SkillShield