Trust Assessment
bitbucket received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Bitbucket credentials exposed in command line arguments, Potential command injection in `Create Pull Request` due to unsanitized placeholders.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential command injection in `Create Pull Request` due to unsanitized placeholders.** The `Create Pull Request` command uses `{workspace}` and `{repo}` placeholders in the URL. If these placeholders are populated with untrusted user input without proper sanitization or shell escaping, an attacker could inject arbitrary shell commands. For example, if `{repo}` is set to `myrepo; rm -rf /`, the `rm -rf /` command could be executed on the host system. Ensure all user-supplied inputs used to construct shell commands (like `{workspace}` and `{repo}`) are strictly validated and properly escaped for the shell environment before execution. Use a robust escaping mechanism or, ideally, pass such parameters as separate arguments to a dedicated API client library rather than constructing raw `curl` commands with string interpolation. | LLM | skills/mrgoodb/bitbucket/SKILL.md:18 |
| MEDIUM | **Bitbucket credentials exposed in command line arguments.** The skill uses `BITBUCKET_USERNAME` and `BITBUCKET_APP_PASSWORD` directly in `curl -u` commands. This practice exposes sensitive credentials in process lists (`ps`), shell history, and potentially logs, making them vulnerable to harvesting by other processes or users on the same system. While common for basic authentication with `curl`, it is not the most secure method. Avoid passing credentials directly in command-line arguments. Consider using a `.netrc` file with appropriate permissions, or passing credentials via stdin for `curl` if supported. If using an API token, ensure it's also handled securely and has the principle of least privilege applied. | LLM | skills/mrgoodb/bitbucket/SKILL.md:11 |
Full report: https://skillshield.io/report/07179c177b317dbd