Trust Assessment
cuecue-deep-research received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include command injection via `exec` with unsanitized user input, an API key exposed in command-line arguments, and the skill's use of `exec` for arbitrary command execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via `exec` with unsanitized user input.** The skill instructs the AI to use the `exec` function to run the `cuecue-research` command. The `command` string includes a placeholder for the user's research query (`'Your research query'`). If the `exec` function does not properly escape or tokenize arguments, or if the user input for the query contains shell metacharacters (e.g., `'`, `;`, `&`, `\|`, `$(...)`), it could lead to arbitrary command execution. The example uses single quotes around the query, which is a common but insufficient sanitization method, as an embedded single quote in the user's input can break out of the quoted string, allowing for injection of arbitrary shell commands. Remediation: 1. **Prefer array-based `exec`**: If the `exec` function supports it, pass the command and its arguments as an array (e.g., `exec({ command: ["cuecue-research", query, "--output", outputPath] })`). This prevents shell interpretation of arguments. 2. **Robust shell escaping**: If only string-based `exec` is available, implement robust shell escaping for all user-controlled parts of the `command` string, especially the `query` and `output` path. This typically involves escaping single quotes, backticks, dollar signs, semicolons, and other shell metacharacters. 3. **Input validation**: Validate user input for the query and output path to restrict allowed characters and patterns. | LLM | SKILL.md:100 |
| HIGH | **Skill uses `exec` for arbitrary command execution.** The skill explicitly instructs the AI to use the `exec` function, which allows for arbitrary command execution on the host system. While this is fundamental to the skill's operation (wrapping a CLI tool), it grants a very broad permission. If combined with a command injection vulnerability (as identified above) or if the `cuecue-research` binary itself is compromised, this could lead to severe system compromise. The `cron.add` function also allows scheduling of arbitrary commands (via the `payload.message` which can trigger agent turns that use `exec`), further extending the scope of execution. Remediation: 1. **Strict input sanitization**: Ensure all arguments passed to `exec` are thoroughly sanitized or passed as an array to prevent command injection. 2. **Least privilege**: If possible, run the `cuecue-research` command or the skill itself in a more restricted environment (e.g., containerized, with limited user permissions). 3. **Audit `cuecue-research`**: Ensure the underlying `cuecue-research` CLI tool is secure and does not have its own vulnerabilities. | LLM | SKILL.md:98 |
| LOW | **API Key exposed in command-line arguments.** The skill provides an option to pass the `CUECUE_API_KEY` directly as a command-line argument (`--api-key YOUR_API_KEY`). While the skill recommends using the OpenClaw config for security, using the command-line argument can expose the API key in process lists (e.g., `ps aux`), shell history files, and potentially logs, making it vulnerable to unauthorized access by other users or processes on the system. Remediation: Strongly enforce the use of environment variables or secure configuration management (like OpenClaw config) for sensitive credentials. Consider removing the `--api-key` command-line option if possible, or add a prominent warning about its security implications. | LLM | SKILL.md:200 |