Security Audit

binance-dca

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

binance-dca received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include Shell Command Injection via Unsanitized User Input, Python Code Injection via Unsanitized Asset Name.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Shell Command Injection via Unsanitized User Input The `sign` function constructs a query string from user-controlled inputs (`symbol`, `type`, `price`) and then passes this string to `echo -n "$query"` before piping it to `openssl`. If any of these user inputs contain shell metacharacters (e.g., `$(...)`, backticks), they will be expanded and executed by the shell. This allows an attacker to execute arbitrary shell commands on the system running the script. For example, providing `type='MARKET$(id)'` or `price='123; id'` in the `action_buy` command would lead to command execution. User-controlled inputs interpolated into shell commands must be rigorously validated and escaped to prevent shell metacharacters from being interpreted as commands. A safer approach for the `sign` function would be to use `printf %s "$query"` to prevent shell expansion, or to perform the HMAC calculation in a language like Python where string interpolation is safer. Additionally, all user inputs (`symbol`, `type`, `price`) should be strictly validated against an allow-list of expected characters and patterns.	LLM	scripts/dca.sh:28
CRITICAL	Python Code Injection via Unsanitized Asset Name In the `action_balance` function, the user-controlled `asset` variable is directly interpolated into a Python string literal within a `python3 -c` command. Although the `asset` is converted to uppercase using `tr`, this does not prevent Python string concatenation or code execution if the input contains valid Python syntax for injection. For example, an input like `USDT' + __import__('os').system('id') + '` would result in the execution of `os.system('id')` when the Python interpreter processes the string. User-controlled inputs interpolated into `python3 -c` commands must be properly escaped for Python string literals. The most secure method is to pass user input as an argument to the Python script (e.g., `python3 -c "import sys; asset=sys.argv[1]; ..." "$asset"`) and access it via `sys.argv`, rather than directly embedding it into the script string. Alternatively, use a templating engine that automatically handles escaping.	LLM	scripts/dca.sh:77

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/931819a4c4cc124f.svg)](https://skillshield.io/report/931819a4c4cc124f)