Security Audit

kindroid-interact

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

kindroid-interact received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 1 low severity. Key findings include Sensitive environment variable access: $HOME, Node lockfile missing, Shell command injection in `kindroid send` message.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

98%

LLM Behavioral Safety

25%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

2 findings

Shell Execution

4 findings

Dynamic Code

3 findings

Excessive Permissions

1 finding

Security Findings5

Severity	Finding	Layer	Location
CRITICAL	Shell command injection in `kindroid send` message The `cmd_send` function constructs a JSON payload for `curl -d` by directly embedding the user-provided `$message` variable. If `$message` contains shell metacharacters (e.g., double quotes, backticks, semicolons), it can lead to arbitrary command execution before the `curl` command is run. An attacker could craft a malicious message to execute commands on the host system. Safely construct the JSON payload using `jq`'s `--arg` feature to prevent shell injection. For example: `jq -n --arg ai "$AI_ID" --arg msg "$message" '{"ai_id": $ai, "message": $msg}'`	LLM	kindroid.sh:149
CRITICAL	Shell command injection in `kindroid break` greeting Similar to `cmd_send`, the `cmd_break` function directly embeds the user-provided `$greeting` variable into a JSON payload for `curl -d`. This allows for arbitrary command execution if `$greeting` contains shell metacharacters, enabling an attacker to execute commands on the host system. Safely construct the JSON payload using `jq`'s `--arg` feature to prevent shell injection. For example: `jq -n --arg ai "$AI_ID" --arg grt "$greeting" '{"ai_id": $ai, "greeting": $grt}'`	LLM	kindroid.sh:159
HIGH	Shell command injection in `jq` filter via companion nickname The `get_credentials` function uses the user-provided `$companion` variable directly within a `jq` filter string: `jq -r ".companions.\"$companion\"" "$CONFIG_FILE"`. If `$companion` contains a double quote, it can break out of the `jq` string and inject arbitrary shell commands that will be executed by the shell before `jq` processes the JSON. Pass the companion name as a `jq` argument using `--arg` to prevent injection. For example: `AI_ID=$(jq -r --arg comp "$companion" '.companions[$comp]' "$CONFIG_FILE")`	LLM	kindroid.sh:98
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/lumenlemons/kindroid-interact/kindroid.sh:7
LOW	Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution.	Dependencies	skills/lumenlemons/kindroid-interact/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5234ea9b4e3f8a92.svg)](https://skillshield.io/report/5234ea9b4e3f8a92)