Security Audit

dsiprouter

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

dsiprouter received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via eval in path construction, Data Exfiltration via curl URL manipulation.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

2 findings

Shell Execution

2 findings

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Command Injection via eval in path construction The script uses `eval` to process a path variable (`path="$(eval echo \"$path\")"`) which is constructed using user-supplied input. This allows an attacker to inject and execute arbitrary shell commands by providing malicious input as a path parameter. For example, in the `endpointgroups:get` command, the first argument is directly inserted into the path, which is then `eval`uated. Remove the `eval` statement. User-supplied path components should be properly sanitized and URL-encoded, not evaluated as shell commands. If variable expansion within the path is truly necessary, use safer shell parameter expansion features or ensure the input is strictly validated against a whitelist of allowed characters.	LLM	bin/dsiprouter.sh:100
HIGH	Data Exfiltration via curl URL manipulation The `api` function, which uses `curl`, constructs its target URL using user-supplied path arguments. Specifically, the `call` subcommand allows a user to provide an arbitrary `PATH_WITH_QUERY` argument which is directly appended to the base URL. An attacker can craft this path to include a full external URL, redirecting the `curl` request to an attacker-controlled server and exfiltrating sensitive environment variables like `DSIP_TOKEN` which is included in the Authorization header. Validate and sanitize all user-provided path arguments to ensure they are relative paths and do not contain scheme, host, or other URL components that could redirect the request. Implement strict URL encoding for path segments and query parameters. Consider using a `curl` option like `--url` with a fixed base URL and only appending validated path segments.	LLM	bin/dsiprouter.sh:48

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/04afda728e89bb3d.svg)](https://skillshield.io/report/04afda728e89bb3d)