Security Audit

grafana

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

grafana received a trust score of 76/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input in URL path, Potential Command Injection via unsanitized user input in JSON payload.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via unsanitized user input in URL path The `Get Dashboard` command includes a placeholder `{uid}` in the URL path, which is highly likely to be replaced by user-provided input. If this input is not strictly validated and sanitized (e.g., URL-encoded or restricted to safe characters) before being interpolated into the `curl` command, an attacker could inject arbitrary shell commands. For example, input like `123; rm -rf /` could lead to remote code execution on the host system. Ensure that any user-provided input for `{uid}` is strictly validated and sanitized (e.g., to alphanumeric characters, or URL-encoded) by the executing agent before being used in the shell command. Avoid direct string concatenation of untrusted input into shell commands.	LLM	SKILL.md:14
HIGH	Potential Command Injection via unsanitized user input in JSON payload The `Create Alert Rule` command uses a JSON payload where fields (indicated by `...`) are likely to be populated by user-provided input. If this input is not properly escaped for both JSON syntax and shell command interpretation, an attacker could inject arbitrary shell commands by breaking out of the single-quoted string used for the `-d` argument. This could lead to remote code execution. Ensure that any user-provided input for JSON fields is strictly validated, properly JSON-escaped, and then correctly shell-escaped before being used in the `curl -d` argument. Consider using a dedicated JSON library to construct the payload and pass it via stdin to `curl` to avoid shell escaping issues.	LLM	SKILL.md:25

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/9c479271c6f3c37a.svg)](https://skillshield.io/report/9c479271c6f3c37a)