Trust Assessment
better-auth received a trust score of 52/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. The findings are: Command Injection in setup script via unquoted variable (critical); Dangerous tool allowed: Bash (high); Unpinned dependencies in setup script (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection in setup script via unquoted variable. The `scripts/setup-d1-drizzle.sh` script derives a database name (`DB_NAME`) from a user-provided argument (`APP_NAME=$1`) and passes it to `wrangler d1 create $DB_NAME` without quoting. An unquoted expansion undergoes word splitting and pathname expansion, so an `APP_NAME` containing whitespace or glob characters yields extra or unexpected arguments to `wrangler`; if the assembled command line is additionally re-parsed by a shell (for example via `eval` or `sh -c`), metacharacters in a value such as `my-app-name; rm -rf /` are executed as commands. Quote every expansion of user-controlled input (change `wrangler d1 create $DB_NAME` to `wrangler d1 create "$DB_NAME"`) and validate `APP_NAME` against an allow-list of permitted characters before using it. | LLM | scripts/setup-d1-drizzle.sh:30 |
| HIGH | Dangerous tool allowed: Bash. The skill's `SKILL.md` allows the `Bash` tool without constraints, which grants arbitrary command execution on the host that runs the skill. Remove unconstrained shell/exec tools from `allowed-tools`, or restrict the entry to the specific commands the skill actually needs. | Static | skills/veeramanikandanr48/better-auth/SKILL.md:1 |
| MEDIUM | Unpinned dependencies in setup script. The `npm install` command in `scripts/setup-d1-drizzle.sh` installs several packages (`better-auth`, `drizzle-orm`, `drizzle-kit`, `@cloudflare/workers-types`, `hono`) without specifying exact versions. This leads to non-deterministic builds and unexpected breaking changes, and it means a newer release of any of these packages, including one containing malicious code or security flaws, is pulled in automatically at install time. Although the skill mentions `better-auth@1.4.16`, the script does not enforce that version. Pin every dependency to an exact version (e.g., `better-auth@1.4.16`) so installations are consistent and reviewable. Alternatively, commit a lock file (`package-lock.json` or `yarn.lock`) and instruct users to install with `npm ci`, optionally with `--ignore-scripts` so that install-time lifecycle scripts from registry packages cannot run. | LLM | scripts/setup-d1-drizzle.sh:26 |
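The two setup-script findings above (the unquoted `$DB_NAME` at line 30 and the unpinned `npm install` at line 26) can be checked against a small hardened fragment. The script below is an added example written for this report, not the skill's own `scripts/setup-d1-drizzle.sh`: `wrangler` is replaced by a shell function that only reports how many arguments it received so the file runs offline, the `create_db_*` and `is_pinned`/`audit_specs` function names are this example's own, and every version number in it is a placeholder rather than a recommendation. It shows that the bare unquoted expansion splits on whitespace but does not execute `;`, that an `eval`-style rebuild of the command does, and how an allow-list plus quoting closes the gap; it then rejects any package spec that is not pinned to an exact version.

```bash
#!/usr/bin/env bash
# Added example for the setup-script findings; not the skill's own code.
# "wrangler" is a stand-in that prints its argument count so this runs offline.

wrangler() {
  # Assumption: the real `wrangler d1 create` takes exactly one name argument,
  # so a clean call arrives here with argc == 3 (d1, create, <name>).
  printf '%d\n' "$#"
}

# --- Finding 1: unquoted user input -----------------------------------------

# As flagged: unquoted expansion. Whitespace in APP_NAME becomes extra
# arguments and glob characters are expanded against the filesystem; a ';'
# is passed to wrangler as literal text because a plain expansion is never
# re-parsed for shell operators.
create_db_unquoted() {
  local db_name="$1-db"
  # shellcheck disable=SC2086  (deliberately unquoted to show the defect)
  wrangler d1 create $db_name
}

# Exploitable variant: the command line is rebuilt as a string and re-parsed
# by eval, so shell operators inside APP_NAME really do execute.
create_db_eval() {
  local db_name="$1-db"
  eval "wrangler d1 create $db_name"
}

# Hardened form: allow-list the name (lowercase slug, no leading '-'), then
# quote the expansion so it is always exactly one argument.
create_db_quoted() {
  local app_name=$1
  case $app_name in
    ''|-*|*[!a-z0-9-]*)
      printf 'invalid APP_NAME: %s\n' "$app_name" >&2
      return 2 ;;
  esac
  local db_name="$app_name-db"
  wrangler d1 create "$db_name"
}

# --- Finding 3: unpinned dependencies ---------------------------------------

# Returns 0 if SPEC carries an exact semver version (better-auth@1.4.16);
# 1 for bare names, ranges (^ ~ >=), or dist-tags such as @latest.
# Scoped packages (@scope/name@1.0.0) start with '@', so that leading
# character is stripped before looking for the version separator.
is_pinned() {
  local rest=${1#@}
  case $rest in
    *@*) ;;
    *)   return 1 ;;
  esac
  printf '%s\n' "${rest##*@}" |
    grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'
}

# Prints every spec that is not exactly pinned, one per line; exit status is
# 1 if any were found. Run it over the install line before executing it.
audit_specs() {
  local spec bad=0
  for spec in "$@"; do
    if ! is_pinned "$spec"; then
      printf '%s\n' "$spec"
      bad=1
    fi
  done
  return $bad
}

# Guarded install step (dry run: the command is echoed, not executed).
# --save-exact records "1.4.16" instead of "^1.4.16" in package.json;
# --ignore-scripts stops install-time lifecycle scripts from running, at the
# cost of also skipping the project's own prepare/postinstall hooks.
install_pinned() {
  audit_specs "$@" >/dev/null || return 1
  echo npm install --save-exact --ignore-scripts "$@"
}
```

Calling `create_db_unquoted 'a; rm -rf /'` hands `wrangler` six arguments and runs nothing else, whereas `create_db_eval 'x; INJECTED=yes #'` executes the injected assignment; `create_db_quoted` rejects both before they reach the CLI. `audit_specs better-auth@1.4.16 hono@latest drizzle-kit` lists the two unpinned specs and fails, which is the gate the setup script should apply to its own `npm install` line.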
Full report: https://skillshield.io/report/e37af3024d13a840