Trust Assessment
bahn received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are Potential Command Injection via User Input and Unpinned Dependency Installation (Supply Chain Risk).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via User Input: The skill describes executing a shell command `node index.js search "<from>" "<to>" [options]` where `<from>`, `<to>`, and `[options]` are placeholders for user-provided input. If the AI agent directly interpolates untrusted user input into this command string without proper sanitization or escaping, it could lead to arbitrary command execution on the host system. Although the example uses quotes, these are not always sufficient to prevent all forms of command injection, especially with complex payloads or if the underlying `node` script does not handle arguments safely. Recommendation: Implement robust input validation and sanitization for all user-provided arguments (`<from>`, `<to>`, `--date`, `--time`, `--results`) before constructing and executing the shell command. Use a safe command execution mechanism that properly escapes arguments, or pass arguments directly to the `node` process without shell interpretation if possible. | LLM | SKILL.md:15 |
| MEDIUM | Unpinned Dependency Installation (Supply Chain Risk): The installation instructions suggest running `npm install` within the `~/Code/bahn-cli` directory. This command will install the latest available versions of dependencies defined in the project's `package.json` (not provided here). Without specific version pinning (e.g., `npm install package@1.2.3`) or integrity checks, there's a risk that a compromised or malicious version of a dependency could be installed, leading to supply chain attacks. The skill also mentions `db-vendo-client` as a dependency, which could also be a source of risk. Recommendation: Pin specific versions for all dependencies in `package.json` to ensure reproducible and secure installations. Additionally, consider using `npm ci` with a `package-lock.json` or `yarn.lock` file, and implement integrity checks (e.g., `npm audit`) as part of the installation process. | LLM | SKILL.md:10 |