Security Audit

excel-to-bim

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

excel-to-bim received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary File Read via Path Traversal, Arbitrary File Write via Path Traversal.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

10%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

4 findings

Shell Execution

3 findings

Dynamic Code

2 findings

Security Findings5

Severity	Finding	Layer	Location
CRITICAL	Command Injection in External Tool Execution The `RevitExcelUpdater.update_revit` method executes an external tool (`ImportExcelToRevit.exe`) using `subprocess.run`. The command arguments (`excel_file`, `rvt_file`, `sheet_name`) are directly passed from method parameters. If these parameters are sourced from untrusted user input, a malicious user could craft them to inject arbitrary shell commands (e.g., `excel_file="malicious.xlsx; rm -rf /"`), leading to arbitrary code execution on the host system. Ensure that all arguments passed to `subprocess.run` are strictly validated and sanitized. If possible, avoid executing external tools with user-controlled arguments. If necessary, use a whitelist of allowed values or escape special characters relevant to the shell environment. Consider using a more secure Inter-Process Communication (IPC) mechanism if the external tool allows it.	LLM	SKILL.md:190
CRITICAL	Code Injection via Generated Dynamo Script The `generate_dynamo_script` method embeds user-controlled data (`updates` dictionary, which originates from an Excel file) directly into a Python script using `json.dumps`. While `json.dumps` generally handles escaping, if the `updates` data contains specially crafted strings that could break out of the JSON string context or be interpreted as executable code by the Dynamo Python interpreter (e.g., if Dynamo's `json` parser or Python interpreter has vulnerabilities, or if the generated script is later processed in an insecure way), it could lead to arbitrary code execution when the generated script is run. This is a high-risk scenario given the script is written to a file and intended for execution. Treat all data originating from untrusted sources (like Excel files) as potentially malicious. If embedding such data into executable scripts, ensure robust sanitization and escaping beyond basic JSON serialization. Consider using a templating engine that provides auto-escaping for code generation, or strictly validate the structure and content of the `updates` dictionary to prevent unexpected values. Ideally, avoid generating executable code from untrusted input.	LLM	SKILL.md:109
HIGH	Arbitrary File Read via Path Traversal The skill uses `pandas.read_excel` in `load_excel`, `enrich_and_update`, and `create_classification_mapping` methods, taking `file_path`, `original_excel`, `enrichment_excel`, and `classification_file` as arguments. If these file paths are derived from untrusted user input, an attacker could supply a path traversal sequence (e.g., `../../../../etc/passwd`) to read arbitrary files from the system, leading to data exfiltration. Implement strict input validation and sanitization for all file paths provided by users. Restrict file operations to a designated, sandboxed directory. Use `os.path.abspath` and check if the resolved path is within an allowed base directory to prevent path traversal.	LLM	SKILL.md:69
HIGH	Arbitrary File Write via Path Traversal The `generate_dynamo_script` and `generate_ifc_updates` methods write to `output_path` and `output_ifc` respectively. If these paths are derived from untrusted user input, an attacker could use path traversal to write arbitrary files to any location on the system, potentially overwriting critical system files or placing malicious executables. Implement strict input validation and sanitization for all file paths provided by users. Restrict file operations to a designated, sandboxed directory. Use `os.path.abspath` and check if the resolved path is within an allowed base directory to prevent path traversal.	LLM	SKILL.md:130
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/datadrivenconstruction/excel-to-bim/SKILL.md:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/ed92bb76ebdcefe0.svg)](https://skillshield.io/report/ed92bb76ebdcefe0)