Trust Assessment
command-center received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 48 findings: 26 critical, 5 high, 17 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, Arbitrary command execution, Credential harvesting.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings48
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:2917 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/linear-sync.js:498 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:10 | |
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/tests/server.test.js:4 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/linear-sync.js:501 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:742 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:745 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:761 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:771 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:774 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:783 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:791 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:801 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:820 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:836 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:854 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:857 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:906 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:919 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:931 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:966 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:1521 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:1524 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jontsai/command-center/lib/server.js:3100 | |
| CRITICAL | Credential harvesting Bulk environment variable dump Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/jontsai/command-center/tests/config.test.js:12 | |
| CRITICAL | Command injection in release script via sed command The `scripts/release.sh` script takes a version string from the command line (`$VERSION`) and directly embeds it into a `sed` command to update `SKILL.md`. An attacker can craft a malicious version string containing `sed` commands or shell metacharacters (e.g., `1.0.0/e evil_command #`) to execute arbitrary commands on the system where the script is run. Use a safer method to update the version in `SKILL.md` that does not involve direct string interpolation into `sed`. For example, read the file, perform string replacement in a programming language, and then write the file back. | LLM | scripts/release.sh:100 | |
| HIGH | Unsafe environment variable passthrough Bulk environment variable harvesting Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/jontsai/command-center/tests/config.test.js:12 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/lib/server.js:4 | |
| HIGH | Dynamic module import path controllable by environment variable The `lib/jobs.js` module dynamically imports `lib/api.js` from a path derived from `CONFIG.paths.workspace`. `CONFIG.paths.workspace` can be controlled by the `OPENCLAW_WORKSPACE` environment variable. If an attacker can control this environment variable when launching the skill, they could point `JOBS_DIR` to a directory containing a malicious `lib/api.js` file, leading to arbitrary code execution when the jobs API is initialized. Strictly validate the `OPENCLAW_WORKSPACE` environment variable to ensure it points to a trusted, non-writable location. Avoid allowing arbitrary paths for dynamic code loading. | LLM | lib/jobs.js:17 | |
| HIGH | Command injection in verify script via DASHBOARD_URL The `scripts/verify.sh` script uses the `DASHBOARD_URL` variable (which can be set via CLI argument `--url` or environment variable `DASHBOARD_URL`) directly in `curl` commands. An attacker can inject shell metacharacters into `DASHBOARD_URL` (e.g., `http://localhost:3333; evil_command`) to execute arbitrary commands. Properly quote or sanitize `DASHBOARD_URL` when used in shell commands. For `curl`, using `--url` with a single argument is generally safer, but shell expansion can still occur if not quoted. The safest approach is to validate the URL format strictly. | LLM | scripts/verify.sh:20 | |
| HIGH | Command injection in start script via PORT variable The `scripts/start.sh` script takes a `PORT` argument (or uses a default) and uses it directly in `node` and `cloudflared` commands. An attacker can inject shell metacharacters into the `PORT` variable (e.g., `3333; evil_command`) to execute arbitrary commands. Validate the `PORT` variable to ensure it is a valid integer. Use `printf %q` or similar shell quoting mechanisms if the variable must be passed to other commands. | LLM | scripts/start.sh:37 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/lib/config.js:105 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/lib/config.js:126 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/lib/config.js:150 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/lib/server.js:1534 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/public/js/lib/morphdom.min.js:1 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/tests/config.test.js:21 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/tests/config.test.js:116 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/tests/config.test.js:121 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/tests/config.test.js:130 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/jontsai/command-center/tests/config.test.js:142 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jontsai/command-center/scripts/dashboard-loop.sh:9 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jontsai/command-center/scripts/run-server.sh:6 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jontsai/command-center/scripts/setup.sh:44 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/jontsai/command-center/scripts/tmux-dashboard.sh:6 | |
| MEDIUM | Unpinned npm dependency version Dependency 'eslint' is not pinned to an exact version ('^8.56.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/jontsai/command-center/package.json | |
| MEDIUM | Unsanitized version string passed to npm command The `scripts/release.sh` script passes the user-provided `$VERSION` directly to `npm version`. While `npm` might have some internal sanitization, passing untrusted input directly to external commands is a general security risk. If `npm version` has a vulnerability related to version string parsing, this could be exploited. Strictly validate the `$VERSION` string to ensure it conforms to semantic versioning and contains no shell metacharacters before passing it to `npm`. | LLM | scripts/release.sh:95 | |
| MEDIUM | Excessive permissions via OPENCLAW_WORKSPACE environment variable The `OPENCLAW_WORKSPACE` environment variable (and `OPENCLAW_PROFILE`) can dictate the base directory for various critical operations, including file storage (`memory`, `state`) and job definitions (`jobs`). If an attacker can control this environment variable when launching the skill, they could point the workspace to a sensitive system directory (e.g., `/`, `/etc`), granting the skill excessive read/write permissions to the entire filesystem. Implement strict validation for the `OPENCLAW_WORKSPACE` and `OPENCLAW_PROFILE` environment variables. Ensure they point to a dedicated, non-sensitive directory, ideally within the user's home directory or a sandboxed location. Avoid allowing paths like `/` or `/etc`. | LLM | lib/config.js:40 |
Scan History
Embed Code
[](https://skillshield.io/report/aa8e613aa623d4ae)
Powered by SkillShield