Security Audit

dada-conv-summary

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

dada-conv-summary received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unescaped Parameters in Curl Command, Data Exfiltration of Conversation History to External Service.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Command Injection via Unescaped Parameters in Curl Command The skill constructs a `curl` command by directly interpolating the `chat_list` and `history_summary` parameters into a shell string without proper escaping. The instruction 'Always escape quotes properly in the JSON string' places the burden of security on the LLM, which is an unreliable control. If the LLM generates a `chat_list` or `history_summary` string containing shell metacharacters (e.g., single quotes, backticks, or command substitutions), it could break out of the JSON payload and execute arbitrary commands on the host system. Implement robust escaping for `chat_list` and `history_summary` before embedding them into the `curl` command. Ideally, use a programming language's JSON serialization library and a safe subprocess execution method that avoids shell interpretation, or ensure all potentially malicious characters are properly escaped for the shell context.	LLM	SKILL.md:20
HIGH	Data Exfiltration of Conversation History to External Service The skill sends the entire conversation history (`chat_list`) and previous summary (`history_summary`) to an external, third-party URL (`https://iautomark.sdm.qq.com`). This constitutes data exfiltration of potentially sensitive user data to an external service, which may not have the same privacy or security guarantees as the local environment. Users may not be aware or consent to their conversation data being transmitted to this domain. Obtain explicit user consent before sending conversation data to external services. Clearly disclose the data being sent and the recipient. Consider if the summarization can be performed locally or with a trusted, privacy-preserving service. If an external service is necessary, ensure it meets strict data privacy and security standards.	LLM	SKILL.md:20

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/21841c36bc236234.svg)](https://skillshield.io/report/21841c36bc236234)