Security Audit

gemini

github.com/openclaw/openclaw

AI SkillCommit b62bd290cb4e

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

gemini received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via External CLI Execution, Supply Chain Risk: External CLI Dependency.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via External CLI Execution The skill is designed to execute the `gemini` command-line interface (CLI) with user-provided input as arguments. If the LLM constructs the command string without proper sanitization or escaping of user input, or if the `gemini` CLI itself is vulnerable to shell injection through its arguments, a malicious user could inject arbitrary shell commands. This is a common attack vector when wrapping external binaries. Ensure that all user-provided input passed to external commands like `gemini` is rigorously sanitized and shell-escaped before execution. The LLM orchestrator should use a safe command execution mechanism that prevents argument injection. If possible, use a library or API that directly interacts with the Gemini service rather than shelling out to a CLI.	LLM	SKILL.md:8
MEDIUM	Supply Chain Risk: External CLI Dependency The skill relies on the `gemini-cli` package installed via Homebrew. While Homebrew is a reputable package manager, any external dependency introduces a supply chain risk. If the `gemini-cli` package or its upstream source were compromised, or if a typosquatting attack were to occur, it could lead to the installation of malicious software on the host system. The skill's functionality is entirely dependent on the integrity of this external binary. Verify the authenticity and integrity of the `gemini-cli` package. Consider using checksums or cryptographic signatures if available. Regularly audit the dependency for known vulnerabilities. Ensure the `gemini-cli` is sourced from a trusted and official repository.	LLM	Manifest:1

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/980bfacb3a807ec6.svg)](https://skillshield.io/report/980bfacb3a807ec6)