Security Audit

digital-ocean

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

digital-ocean received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via CLI Arguments, Unpinned Python Dependencies.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via CLI Arguments The skill's documentation in SKILL.md demonstrates CLI commands using `uv run` where user-controlled arguments (e.g., `<droplet_id>`, `<domain>`) are directly interpolated into a shell command. If the AI agent or calling environment constructs these commands with unsanitized user input, it could lead to shell command injection, allowing an attacker to execute arbitrary commands on the host system. The `curl` examples also exhibit a similar pattern. The AI agent or calling environment responsible for executing these commands must sanitize and properly escape all user-provided input before interpolating it into shell commands. Skill authors should explicitly warn about this or provide helper functions that handle sanitization.	LLM	SKILL.md:19
MEDIUM	Unpinned Python Dependencies The `scripts/do.py` file specifies Python dependencies (`httpx`, `rich`) without pinning them to exact versions. This introduces a supply chain risk, as a malicious update to any of these packages (or their transitive dependencies) could be automatically installed, compromising the skill. While `uv` is used, unpinned dependencies still pose a risk. Pin all Python dependencies to exact versions (e.g., `httpx==0.25.0`, `rich==13.7.0`) to ensure deterministic and secure dependency resolution. Regularly review and update these pinned versions.	LLM	scripts/do.py:4

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/751885e1cb28db14.svg)](https://skillshield.io/report/751885e1cb28db14)