Security Audit
JSON to TypeScript - Interface Generator
github.com/openclaw/skills
Trust Assessment
JSON to TypeScript - Interface Generator received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Unpinned external dependency" and "Direct shell command execution with potential for injection and excessive permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Direct shell command execution with potential for injection and excessive permissions.** The skill explicitly instructs the execution of shell commands (`npx`, `curl`) which can read/write local files and make network requests. If the LLM constructs these commands using untrusted user input (e.g., filenames, URLs, interface names), it creates a direct path for command injection (SS-LLM-003). For example, a malicious filename or URL could contain shell metacharacters. Furthermore, granting the LLM the ability to execute arbitrary shell commands with filesystem read/write and network access constitutes excessive permissions (SS-LLM-005) for a typical AI agent skill, increasing the attack surface for data exfiltration or system compromise. 1. **Input Sanitization:** Implement robust input sanitization and validation for all user-provided arguments before constructing and executing shell commands. 2. **Least Privilege:** Restrict the LLM's execution environment to the absolute minimum necessary permissions. Avoid direct shell execution if possible. 3. **Sandboxing:** Execute external commands within a tightly sandboxed environment to limit potential damage from injection or malicious packages. 4. **Tool Integration:** Prefer using dedicated, secure APIs or libraries for file operations and network requests instead of shelling out to `npx` or `curl`. | LLM | SKILL.md:14 |
| HIGH | **Unpinned external dependency.** The skill instructs to install an external npm package (`@lxgicstudios/json-to-ts`) without specifying a version. This is a supply chain risk because any future execution of `npm install -g @lxgicstudios/json-to-ts` will fetch the latest version. If a malicious update to the package is published, it could be automatically installed and executed, leading to arbitrary code execution on the host system. Pin the dependency to a specific, known-good version (e.g., `npm install -g @lxgicstudios/json-to-ts@1.0.0`). Regularly review and update the pinned version after verifying its integrity. | LLM | SKILL.md:9 |