Security Audit

csv-handler

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

csv-handler received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary File Write via `export_csv`, Path Traversal in `split_csv` leading to Arbitrary File Write.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

25%

Behavioral Risk Signals

Filesystem Write

3 findings

Security Findings4

Severity	Finding	Layer	Location
CRITICAL	Arbitrary File Write via `export_csv` The `export_csv` method directly uses the `file_path` argument in `df.to_csv()`. An attacker controlling `file_path` can write a DataFrame to any arbitrary location on the file system, potentially overwriting critical system files or writing malicious content. Implement strict validation and sanitization of `file_path` to ensure it is within an allowed directory and does not contain path traversal sequences (e.g., `../`). Consider using a dedicated temporary directory or a whitelist of allowed paths.	LLM	SKILL.md:204
CRITICAL	Arbitrary File Read via various methods Multiple methods (`detect_encoding`, `detect_delimiter`, `profile_csv`, `read_csv`, `merge_csvs`, `parse_schedule`, `parse_costs`) accept a `file_path` argument and use it directly in `open()` or `pd.read_csv()`. An attacker controlling `file_path` can instruct the agent to read arbitrary files from the file system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), potentially leading to data exfiltration. Implement strict validation and sanitization of `file_path` to ensure it is within an allowed directory and does not contain path traversal sequences. Consider using a dedicated input directory or a whitelist of allowed paths.	LLM	SKILL.md:47
HIGH	Path Traversal in `split_csv` leading to Arbitrary File Write The `split_csv` method constructs filenames using values (`value`) extracted directly from untrusted CSV data. If a `value` contains path traversal sequences (e.g., `../`, `/`), it can lead to writing files outside the intended `output_dir` when `filepath = output_path / filename` is resolved. Sanitize `value` before incorporating it into `filename` to remove or neutralize any path traversal characters. Ensure that `Path(output_dir) / filename` is canonicalized and checked against the intended base directory.	LLM	SKILL.md:176
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/datadrivenconstruction/csv-handler/SKILL.md:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d0dccb46d05e3ae2.svg)](https://skillshield.io/report/d0dccb46d05e3ae2)