Trust Assessment
gemini-web-search received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via Unsafe Shell Execution, Excessive Permissions via Environment Variable Override.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Unsafe Shell Execution: The `gemini_prompt.sh` script constructs a shell command by embedding user-controlled input (`PROMPT`) directly into a double-quoted string passed to `script -q -c`. While double quotes are escaped (`PROMPT//"/\"}`), this sanitization is insufficient to prevent command injection via shell command substitution (e.g., `$(...)` or backticks `` ` ``). An attacker can embed malicious commands within the prompt, which will be executed by the shell before the `gemini` command is invoked. Avoid embedding user-controlled input directly into shell command strings. Instead, pass user input as separate arguments to the executed command or use a robust shell escaping mechanism like `printf %q` for each argument. For example, `script -q -c "${GEMINI_BIN} -p $(printf %q "$PROMPT")" /dev/null` or, preferably, use a language's subprocess module with an argument list to avoid shell parsing entirely. | LLM | scripts/gemini_prompt.sh:15 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to the sensitive environment variable `$HOME` was detected in a shell context. Verify that this environment variable access is necessary and that the value is not exfiltrated. | Static | skills/fengjiajie/gemini-web-search/scripts/gemini_prompt.sh:14 |
| MEDIUM | Excessive Permissions via Environment Variable Override: The script allows overriding the path to the `gemini` binary via the `GEMINI_BIN` environment variable. While this offers flexibility, it also introduces a potential risk. If an attacker can control the environment variables of the process executing this skill, they could point `GEMINI_BIN` to an arbitrary malicious executable, leading to arbitrary code execution with the permissions of the skill. If possible, hardcode the path to trusted binaries or validate the `GEMINI_BIN` path against a whitelist of allowed locations. If overriding is necessary, ensure that the environment where the skill runs is secured against arbitrary environment variable manipulation. | LLM | scripts/gemini_prompt.sh:12 |