Trust Assessment
cwicr-data-loader received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Unpinned dependencies in `pip install`", and "Arbitrary file read/write capability via path parameters".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary file read/write capability via path parameters.** The `CWICRDataLoader` class's `load` and `export` methods, along with their internal file-loading functions (`_load_parquet`, `_load_excel`, `_load_csv`, `_load_json`), directly use string parameters (`source`, `output_path`) as file paths without validation or sanitization. If an LLM agent exposes this skill to untrusted user input, an attacker could specify arbitrary file paths (e.g., `/etc/passwd`, `C:\Windows\System32\drivers\etc\hosts`) to read sensitive system files or write to arbitrary locations. This could lead to data leakage, denial of service (by filling disk space), or planting malicious files. While this functionality is core to a data loader, it represents a significant security risk if not handled with extreme care by the calling agent. The calling agent must implement robust input validation and sanitization for `source` and `output_path` parameters, restricting file access to a designated, sandboxed directory. Consider using a virtual filesystem or explicit allow-lists for file paths. If direct user input is used, it must be strictly validated against allowed patterns or a secure file picker mechanism. | LLM | SKILL.md:144 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/cwicr-data-loader/SKILL.md:1 |
| MEDIUM | **Unpinned dependencies in `pip install`.** The `pip install` command specifies package dependencies without version pinning. This can lead to non-deterministic builds, compatibility issues, and introduces a supply chain risk where a malicious update to a dependency could be automatically pulled in, potentially introducing vulnerabilities or breaking changes. Pin all dependencies to specific versions (e.g., `pandas==1.5.3`, `pyarrow==10.0.1`). Regularly review and update pinned versions to incorporate security patches. | LLM | SKILL.md:67 |