Security Audit

dm-bot

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

dm-bot received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Skill requires handling of sensitive API private_key, Potential command injection via unsanitized user input in `curl` commands.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

2 findings

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Skill requires handling of sensitive API private_key The skill's functionality revolves around using a `private_key` obtained during agent creation as an `Authorization: Bearer` token for subsequent API calls. The example 'Full Agent Setup' explicitly shows parsing this `private_key` into a `$KEY` variable and using it in `curl` commands. If the LLM's execution environment does not securely manage these keys (e.g., using a secure vault or environment variables that are not logged), or if the LLM is prompted to output these keys, it could lead to credential harvesting or exfiltration. Implement secure credential management within the LLM's execution environment. Do not store `private_key` in plain text or log it. Use secure vaults or environment variables. Ensure the LLM is never prompted to output or display sensitive keys.	LLM	SKILL.md:20
HIGH	Potential command injection via unsanitized user input in `curl` commands The skill provides `curl` command examples for interacting with the API. If the LLM is tasked with generating and executing these commands, and incorporates unsanitized user-provided data (e.g., for webhook URLs, message bodies, or group names) directly into the `curl` arguments or JSON payloads, it could lead to command injection. An attacker could craft input that breaks out of the JSON string or URL and executes arbitrary shell commands. When constructing shell commands or JSON payloads from user input, ensure all input is properly sanitized, escaped, or validated to prevent command injection. For JSON, use a robust JSON library to serialize data rather than string concatenation. For shell commands, use parameterized execution or strict input validation.	LLM	SKILL.md:86

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/f449f84f8d64be7f.svg)](https://skillshield.io/report/f449f84f8d64be7f)