Security Audit

brainstorming

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

brainstorming received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Dynamic File Paths and Git Operations.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via Dynamic File Paths and Git Operations The skill instructs the AI agent to write a design document to a dynamically generated file path (`docs/plans/YYYY-MM-DD-<topic>-design.md`) and to perform git operations (commit, create worktree). The `<topic>` part of the filename and the content of the design document are likely derived from user input or the agent's internal state, which can be influenced by untrusted input. If these dynamic elements are not rigorously sanitized before being used in file system operations or shell commands (e.g., `git commit -m "..."`, `git worktree add ...`), it could lead to path traversal, arbitrary file writes, or command injection. This could allow an attacker to write malicious files, inject arbitrary commands into git operations, or corrupt the repository. Implement robust input validation and sanitization for all dynamic components, especially the `<topic>` variable used in file paths and any content passed to git commands. Ensure that file system and git operations are executed using APIs that prevent shell injection, rather than directly constructing shell commands with unsanitized input. Consider implementing explicit user confirmation steps for sensitive actions like writing to files or committing to version control, particularly when the content or path is influenced by user input.	LLM	SKILL.md:46

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/c956711a78a3edd5.svg)](https://skillshield.io/report/c956711a78a3edd5)