Security Audit

cloudflare

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

cloudflare received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 4 findings: 0 critical, 3 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via Unquoted Variable in printf, Sensitive Token Printed to Standard Output.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

48%

Behavioral Risk Signals

Shell Execution

4 findings

Dynamic Code

3 findings

Excessive Permissions

1 finding

Security Findings4

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via Unquoted Variable in printf The `printf` command in `scripts/dns/list.sh`, `scripts/tunnels/list.sh`, and `scripts/zones/list.sh` uses user-controlled variables (`type`, `name`, `content`, `proxied`, `id`, `status`, `created`, `plan`) directly within the format string. While bash's `printf` is generally more robust than C's, a malicious user could potentially inject format string specifiers (e.g., `%s`, `%x`) into these variables, leading to information disclosure (e.g., stack contents) or unexpected behavior. Although direct command execution is unlikely, it's a deviation from safe input handling practices. Sanitize user-controlled input variables before passing them to `printf` by removing or escaping any characters that could be interpreted as format specifiers. Alternatively, use `echo` with proper quoting if complex formatting is not strictly required, or ensure that the format string itself is not user-controlled.	LLM	scripts/dns/list.sh:60
HIGH	Potential Command Injection via Unquoted Variable in printf The `printf` command in `scripts/dns/list.sh`, `scripts/tunnels/list.sh`, and `scripts/zones/list.sh` uses user-controlled variables (`type`, `name`, `content`, `proxied`, `id`, `status`, `created`, `plan`) directly within the format string. While bash's `printf` is generally more robust than C's, a malicious user could potentially inject format string specifiers (e.g., `%s`, `%x`) into these variables, leading to information disclosure (e.g., stack contents) or unexpected behavior. Although direct command execution is unlikely, it's a deviation from safe input handling practices. Sanitize user-controlled input variables before passing them to `printf` by removing or escaping any characters that could be interpreted as format specifiers. Alternatively, use `echo` with proper quoting if complex formatting is not strictly required, or ensure that the format string itself is not user-controlled.	LLM	scripts/tunnels/list.sh:50
HIGH	Potential Command Injection via Unquoted Variable in printf The `printf` command in `scripts/dns/list.sh`, `scripts/tunnels/list.sh`, and `scripts/zones/list.sh` uses user-controlled variables (`type`, `name`, `content`, `proxied`, `id`, `status`, `created`, `plan`) directly within the format string. While bash's `printf` is generally more robust than C's, a malicious user could potentially inject format string specifiers (e.g., `%s`, `%x`) into these variables, leading to information disclosure (e.g., stack contents) or unexpected behavior. Although direct command execution is unlikely, it's a deviation from safe input handling practices. Sanitize user-controlled input variables before passing them to `printf` by removing or escaping any characters that could be interpreted as format specifiers. Alternatively, use `echo` with proper quoting if complex formatting is not strictly required, or ensure that the format string itself is not user-controlled.	LLM	scripts/zones/list.sh:40
MEDIUM	Sensitive Token Printed to Standard Output The `scripts/tunnels/token.sh` script is designed to retrieve and print the Cloudflare Tunnel run token directly to standard output. While this is the intended functionality of the script, it means that any system or agent executing this script will have direct access to this sensitive token. If the output of this script is not properly handled or is captured by an untrusted process, it could lead to data exfiltration of the tunnel token, allowing unauthorized access to the Cloudflare Tunnel. Consider if direct output of the token is always necessary. If the token is primarily for internal use by `cloudflared`, explore options to pass it directly to the `cloudflared` command without printing it to stdout. If output is required, ensure that the calling environment has robust controls to prevent logging or exfiltration of sensitive output.	LLM	scripts/tunnels/token.sh:50

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5b2a1e16fc413e0a.svg)](https://skillshield.io/report/5b2a1e16fc413e0a)