Trust Assessment
base-trader received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings: sensitive environment variable access (`$HOME`), and shell command injection via unescaped user input in JSON construction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Shell command injection via unescaped user input in JSON construction | LLM | scripts/log-trade.sh:22 |
| MEDIUM | Sensitive environment variable access: `$HOME` | Static | skills/sp0oby/base-trader/scripts/check-portfolio.sh:4 |

CRITICAL: Shell command injection via unescaped user input in JSON construction (scripts/log-trade.sh:22)

The `log-trade.sh` script builds a JSON string for logging trades by interpolating user-provided arguments (`ACTION`, `TOKEN`, `AMOUNT_USD`, `PRICE`, `REASON`, `TX`) directly into a `cat <<EOF ... EOF` block. An unquoted heredoc is subject to shell expansion, so if any of these arguments, in particular the free-text `REASON` or `TX`, contains a command substitution (`$(command)` or `` `command` ``), the shell executes it while constructing the `TRADE` variable. This lets whoever controls the arguments run arbitrary commands on the host where the script runs.

Recommended fix: construct the JSON object with a dedicated JSON tool such as `jq`, passing every user-provided value as a `--arg` or `--argjson` parameter. `jq` then handles escaping, the values are never re-parsed by the shell, and the output is guaranteed to be valid JSON:

```bash
# Build the trade record with jq so every value is JSON-escaped and never shell-expanded.
# --argjson parses the value as JSON, so a non-numeric AMOUNT_USD or PRICE fails fast
# instead of being written into the log.
TRADE_JSON=$(jq -n \
  --arg timestamp "$TIMESTAMP" \
  --arg action "$ACTION" \
  --arg token "$TOKEN" \
  --argjson amount_usd "$AMOUNT_USD" \
  --argjson price "$PRICE" \
  --arg reason "$REASON" \
  --arg tx "$TX" \
  '{timestamp: $timestamp, action: $action, token: $token, amount_usd: $amount_usd, price: $price, reason: $reason, tx: $tx}')

# Then append the record to the trades file (a JSON array) with jq, writing to a
# temporary file first so a failed jq run does not truncate the existing log.
jq --argjson new_trade "$TRADE_JSON" '. + [$new_trade]' "$TRADES_FILE" > "${TRADES_FILE}.tmp" \
  && mv "${TRADES_FILE}.tmp" "$TRADES_FILE"
```

MEDIUM: Sensitive environment variable access: `$HOME` (skills/sp0oby/base-trader/scripts/check-portfolio.sh:4)

Access to the sensitive environment variable `$HOME` was detected in a shell context. Verify that this access is necessary and that the value is not exfiltrated.
Full report: https://skillshield.io/report/b1b7ef223cb768b4
Powered by SkillShield