Trust Assessment
cloudflare-gen received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The findings are "Unpinned npm dependency version" and "Direct Prompt Injection via User Input".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Direct Prompt Injection via User Input: The skill directly passes user-provided input (`description`) as a 'user' message to the OpenAI API without any sanitization, validation, or robust prompt engineering safeguards. This allows a malicious actor to craft the `description` argument to attempt to manipulate the underlying LLM's behavior, potentially overriding the system prompt, generating unintended or harmful Cloudflare Worker code/configurations, or attempting to extract sensitive information from the LLM's context. Implement robust prompt engineering techniques to mitigate prompt injection. This could include: 1) Wrapping user input in specific XML tags or delimiters and instructing the LLM to treat content within these tags as user data only, not instructions. 2) Adding explicit instructions in the system prompt for the LLM to ignore conflicting or manipulative instructions within the user input. 3) Implementing input validation or sanitization on the `description` before passing it to the LLM. 4) Using a separate guardrail LLM or a content moderation API to filter potentially malicious user inputs. | LLM | src/index.ts:10 |
| MEDIUM | Unpinned npm dependency version: Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lxgicstudios/cloudflare-gen/package.json |