Security Audit

bim-validation-pipeline

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

bim-validation-pipeline received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 5 findings: 0 critical, 4 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary File Read via Configuration Path, Arbitrary File Read via IDS XML Path.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

4 findings

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings5

Severity	Finding	Layer	Location
HIGH	Arbitrary File Read via Configuration Path The `_load_config` method in `BIMValidationPipeline` opens and reads a file specified by `config_path`. If this path is derived directly from untrusted user input without proper validation or sandboxing, an attacker could specify an arbitrary file path (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`) to read sensitive system files, leading to data exfiltration. Implement strict input validation for `config_path` to ensure it points only to allowed, non-sensitive locations. Consider using a dedicated configuration directory and restricting file access to that directory, or using a file picker interface that returns a safe file handle.	LLM	SKILL.md:300
HIGH	Arbitrary File Read via IDS XML Path The `_parse_ids` method in `IDSValidator` parses an XML file specified by `ids_path`. If this path is derived directly from untrusted user input without proper validation or sandboxing, an attacker could specify an arbitrary file path to read sensitive system files, leading to data exfiltration. Additionally, while `xml.etree.ElementTree` generally disables external entities by default, it's a common vector for XXE attacks if not explicitly secured. Implement strict input validation for `ids_path` to ensure it points only to allowed, non-sensitive locations. Consider using a dedicated directory for IDS files and restricting file access to that directory. For XML parsing, ensure that external entity processing is explicitly disabled to prevent XXE attacks, if using a parser other than `ElementTree` or if `ElementTree`'s default behavior is overridden.	LLM	SKILL.md:240
HIGH	Arbitrary File Read via IFC Model Path The `BIMValidator` constructor opens an IFC model file specified by `ifc_path`. If this path is derived directly from untrusted user input without proper validation or sandboxing, an attacker could specify an arbitrary file path to read sensitive system files, leading to data exfiltration. Implement strict input validation for `ifc_path` to ensure it points only to allowed, non-sensitive locations. Consider using a dedicated directory for IFC models and restricting file access to that directory, or using a file picker interface that returns a safe file handle.	LLM	SKILL.md:50
HIGH	Arbitrary File Write via Report Export Path The `export_report` method in `BIMValidationPipeline` writes an Excel file to the path specified by `output_path`. If this path is derived directly from untrusted user input without proper validation or sandboxing, an attacker could specify an arbitrary file path (e.g., `/etc/cron.d/malicious_job`, `/var/www/html/malicious.php`) to write to arbitrary locations on the filesystem. This could lead to overwriting critical system files, injecting malicious code, or exfiltrating data by writing it to a publicly accessible location. Implement strict input validation for `output_path` to ensure it points only to allowed, non-sensitive directories (e.g., a user's designated output folder). Prevent directory traversal (`../`) and ensure the path is within a controlled sandbox. Consider using a file save dialog that restricts the save location.	LLM	SKILL.md:400
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/datadrivenconstruction/bim-validation-pipeline/SKILL.md:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/9a59c4fae4b18803.svg)](https://skillshield.io/report/9a59c4fae4b18803)