Trust Assessment
clawvox received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 18 findings: 12 critical, 2 high, 4 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via `curl -F` arguments, Command Injection in `validate_number` via `bc -l`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings18
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via `curl -F` arguments User-provided arguments are directly interpolated into `curl -F "key=$value"` arguments without proper escaping. A malicious user can inject arbitrary `curl -F` options or other `curl` arguments by crafting input that contains double quotes and other shell metacharacters, leading to command injection. Sanitize user input (`$NAME`, `$DESCRIPTION`, `$LABELS`) to prevent shell metacharacter injection. Consider using `curl --form-string` or strictly validating and escaping input for `multipart/form-data` fields. For example, ensure values do not contain unescaped double quotes. | LLM | scripts/clone.sh:60 | |
| CRITICAL | Command Injection via `curl -F` arguments User-provided arguments are directly interpolated into `curl -F "key=$value"` arguments without proper escaping. A malicious user can inject arbitrary `curl -F` options or other `curl` arguments by crafting input that contains double quotes and other shell metacharacters, leading to command injection. Sanitize user input (`$TARGET_LANG`, `$MODE`, `$SOURCE_LANG`, `$NUM_SPEAKERS`) to prevent shell metacharacter injection. Consider using `curl --form-string` or strictly validating and escaping input for `multipart/form-data` fields. For example, ensure values do not contain unescaped double quotes. | LLM | scripts/dub.sh:103 | |
| CRITICAL | Command Injection via `curl -F` arguments User-provided arguments are directly interpolated into `curl -F "key=$value"` arguments without proper escaping. A malicious user can inject arbitrary `curl -F` options or other `curl` arguments by crafting input that contains double quotes and other shell metacharacters, leading to command injection. Sanitize user input (`$MODEL`, `$LANGUAGE`, `$TIMESTAMPS`) to prevent shell metacharacter injection. Consider using `curl --form-string` or strictly validating and escaping input for `multipart/form-data` fields. For example, ensure values do not contain unescaped double quotes. | LLM | scripts/transcribe.sh:90 | |
| CRITICAL | Command Injection in `validate_number` via `bc -l` The `validate_number` function uses `bc -l` to perform numeric comparisons. User-provided numeric inputs (`$val`, `$min`, `$max`) are directly passed to `echo` and piped to `bc -l`. If a malicious user provides input containing shell metacharacters or command substitutions (e.g., `0.5; evil_command`), `bc -l` will execute the injected command. Strictly validate that `$val`, `$min`, and `$max` are numeric using a regular expression (e.g., `[[ "$val" =~ ^-?[0-9]+(\.[0-9]+)?$ ]]`) before passing them to `bc -l`. | LLM | scripts/common.sh:46 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/common.sh:140 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/common.sh:167 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/dub.sh:187 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/isolate.sh:100 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/sfx.sh:100 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/speak.sh:140 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/transcribe.sh:120 | |
| CRITICAL | Command Injection via unquoted/improperly sanitized file paths User-provided file paths (`-o`, `--out`) are used in external commands (`stat`, `mv`, `mpv`, `afplay`, `aplay`, `play`, `curl -o`, `echo >`). Although some paths are quoted, if the user input itself contains a single quote that closes the quoted string and then injects a command (e.g., `'output.mp3'\; evil_command`), it can lead to arbitrary command execution. Implement strict validation and sanitization for all user-provided file paths. Only allow safe characters (alphanumeric, underscores, hyphens, single dot for extension) or use a dedicated library function for secure path handling if available. | LLM | scripts/voices.sh:249 | |
| HIGH | JSON Injection via direct interpolation of user input The `--duration` argument is directly interpolated into the JSON request body without validation or escaping. A malicious user could provide input containing JSON metacharacters (e.g., `10, "evil_key": "evil_value"`) to inject arbitrary JSON fields into the API request, potentially altering its behavior. Strictly validate `$DURATION` as a numeric value before interpolation. If it's not a number, reject the input. Ensure all interpolated values are properly escaped for JSON if they are not guaranteed to be simple numbers or booleans. | LLM | scripts/sfx.sh:80 | |
| HIGH | JSON Injection via direct interpolation of user input The `--model` argument is directly interpolated into the JSON request body without proper escaping. A malicious user could provide input containing JSON metacharacters (e.g., `"eleven_turbo_v2_5", "evil_key": "evil_value"`) to inject arbitrary JSON fields into the API request, potentially altering its behavior. Validate `$MODEL` against a known whitelist of allowed models or sanitize it to prevent injection of double quotes and other JSON metacharacters. Ensure all interpolated values are properly escaped for JSON. | LLM | scripts/speak.sh:120 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/abhishek-official1/clawvox/scripts/dub.sh:15 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/abhishek-official1/clawvox/scripts/isolate.sh:15 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/abhishek-official1/clawvox/scripts/sfx.sh:15 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/abhishek-official1/clawvox/scripts/speak.sh:17 |
Scan History
Embed Code
[](https://skillshield.io/report/7f27c8d6b744399f)
Powered by SkillShield