Security Audit

config-safe

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

config-safe received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via `openclaw` `--params` argument.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via `openclaw` `--params` argument The skill instructs the AI agent to execute `openclaw gateway call config.patch` and `openclaw gateway call config.apply` commands. These commands take a `--params` argument, which expects a JSON string. This JSON string includes fields like `raw` (for configuration content) and `baseHash`. If the AI agent constructs this command by directly interpolating untrusted user input into these JSON fields (e.g., for `raw` or `baseHash`) without proper shell escaping and JSON escaping, an attacker could inject shell metacharacters or malicious JSON. This could lead to arbitrary command execution on the host system where the `openclaw` CLI is run. The AI agent's implementation must strictly sanitize and escape all user-provided input before constructing the `--params` JSON string and before passing the entire command to the shell. Specifically, ensure that any user-provided content for `raw` or `baseHash` is properly JSON-escaped and then shell-escaped if the command is executed via a shell. Prefer using a programmatic API for `openclaw` if available, or a safe command execution library that handles escaping automatically.	LLM	SKILL.md:49

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/fb2bef6158a0080e.svg)](https://skillshield.io/report/fb2bef6158a0080e)