Trust Assessment
conversation-summary received a trust score of 53/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 2 high, 3 medium, and 1 low severity. Key findings include "Suspicious import: requests", "Unpinned npm dependency version", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via postinstall script.** The `package.json` file contains a `postinstall` script that executes `chmod +x scripts/conversation_summary.py`. While this specific command is benign, the presence of a `postinstall` script allows for arbitrary command execution during package installation. A malicious actor could modify this script to execute harmful commands, leading to a supply chain attack. Avoid using `postinstall` or other lifecycle scripts for command execution. If absolutely necessary, ensure the commands are minimal, well-audited, and do not introduce arbitrary execution vectors. Consider alternative methods for file permissions or setup. | LLM | package.json:10 |
| HIGH | **Potential Command Injection via unescaped arguments in skill invocation.** The skill's `SKILL.md` documentation shows the tool being invoked via a shell command: `python3 scripts/conversation_summary.py '<chat_list_json>' '<history_summary>'`. The `chat_list_json` argument is taken directly from `sys.argv[1]` in `scripts/conversation_summary.py`. If the LLM or the execution environment fails to properly escape shell metacharacters within the `chat_list_json` string when constructing the command, it could lead to command injection. For example, if `chat_list_json` contains `'$(rm -rf /)'`, it could execute arbitrary commands on the host system. Ensure that the environment executing the skill's commands properly escapes all user-controlled arguments. Within the Python script, consider using `argparse` for robust argument parsing and avoid direct shell execution with user-provided strings. If the `chat_list` is intended to be JSON, validate it as JSON before processing. | LLM | SKILL.md:16 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/dadaliu0121/dada-conversation-summary/scripts/conversation_summary.py:8 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'requests' is not pinned to an exact version ('^2.31.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/dadaliu0121/dada-conversation-summary/package.json |
| MEDIUM | **Unpinned dependency 'requests'.** The `package.json` specifies the `requests` dependency with a caret range (`^2.31.0`). This allows for automatic updates to any `2.x.x` version, which could introduce breaking changes, vulnerabilities, or even malicious code if a future version is compromised. Pinning dependencies to exact versions (e.g., `2.31.0`) provides better security and reproducibility. Pin the `requests` dependency to an exact version (e.g., `"requests": "2.31.0"`) to ensure consistent and secure builds. Regularly audit and manually update dependencies. | LLM | package.json:13 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/dadaliu0121/dada-conversation-summary/package.json |
| INFO | **User conversation data sent to third-party API.** The skill's core functionality involves sending user conversation content (`chat_list`) to an external, third-party API located at `https://iautomark.sdm.qq.com/assistant-analyse/v1/assistant/poc/summary/trigger`. While this is the intended purpose of the skill, it means potentially sensitive user data is transmitted to an external service. Users should be aware of this data transfer and the privacy implications. Ensure clear disclosure to users about data being sent to third-party services. Verify the security and privacy policies of the external API provider. Consider anonymizing or redacting sensitive information before transmission if possible. | LLM | scripts/conversation_summary.py:19 |