Security Audit

binance

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

binance received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Shell Command Injection via User-Controlled Variables.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential Shell Command Injection via User-Controlled Variables The skill constructs shell commands using variables (e.g., `SYMBOL`, `SIDE`, `TYPE`, `QUANTITY`, `PRICE`, `ORDER_ID`, `FROM_ASSET`, `TO_ASSET`, `FROM_AMOUNT`) which are likely populated by untrusted user input. Although these variables are generally used within double-quoted strings in `curl` commands, a newline character (`\n`) in user-controlled input could terminate the quoted string and allow arbitrary shell command execution. For example, if `SYMBOL` contains `BTCUSDT\nrm -rf /`, the shell command could execute `rm -rf /`. The skill definition does not include explicit sanitization for such inputs, relying on the LLM runtime to handle this securely. Implement robust input sanitization for all user-controlled variables before they are interpolated into shell commands. Specifically, filter out or escape shell metacharacters, including newlines, semicolons, backticks, and dollar signs. A common approach is to use `printf %q` or similar shell-escaping functions if available, or to ensure the LLM runtime passes arguments securely (e.g., as separate arguments to `execve` rather than a single shell string).	LLM	SKILL.md:53

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/bcac781eb4861744.svg)](https://skillshield.io/report/bcac781eb4861744)