Trust Assessment
ktrendz-skill received a trust score of 20/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 5 critical, 0 high, 6 medium, and 1 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $HOME", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via Unsanitized User Input in Shell Script: The `ARTIST` argument, which is user-controlled input, is directly interpolated into a JSON payload within a `curl -d` command. This allows an attacker to inject arbitrary shell commands by crafting a malicious `ARTIST` value (e.g., by closing the JSON string and injecting shell metacharacters). This can lead to remote code execution on the host system. Sanitize user input before interpolating it into shell commands or JSON payloads. Use a JSON-aware tool like `jq` to construct JSON objects from variables, or properly escape all special characters (especially double quotes and backslashes) in the `$ARTIST` variable before embedding it in the JSON string. For example, use `jq -n --arg artist "$ARTIST" '{"artist_name": $artist}'` and pipe its output to `curl -d @-`. | LLM | scripts/buy.sh:40 |
| CRITICAL | Command Injection via Unsanitized User Input in Shell Script: The `ARTIST` and `SLIPPAGE` arguments, which are user-controlled inputs, are directly interpolated into a JSON payload within a `curl -d` command. This allows an attacker to inject arbitrary shell commands or manipulate the JSON structure by crafting malicious values. This can lead to remote code execution on the host system. Sanitize user input before interpolating it into shell commands or JSON payloads. Use a JSON-aware tool like `jq` to construct JSON objects from variables, or properly escape all special characters (especially double quotes and backslashes) in the `$ARTIST` variable and ensure `$SLIPPAGE` is a valid number before embedding them in the JSON string. For example, use `jq -n --arg artist "$ARTIST" --argjson slippage "$SLIPPAGE" '{"artist_name": $artist, "max_slippage_percent": $slippage}'` and pipe its output to `curl -d @-`. | LLM | scripts/buy.sh:60 |
| CRITICAL | Command Injection via Unsanitized User Input in Shell Script: The `ARTIST` argument, which is user-controlled input, is directly interpolated into a JSON payload within a `curl -d` command. This allows an attacker to inject arbitrary shell commands by crafting a malicious `ARTIST` value (e.g., by closing the JSON string and injecting shell metacharacters). This can lead to remote code execution on the host system. Sanitize user input before interpolating it into shell commands or JSON payloads. Use a JSON-aware tool like `jq` to construct JSON objects from variables, or properly escape all special characters (especially double quotes and backslashes) in the `$ARTIST` variable before embedding it in the JSON string. For example, use `jq -n --arg artist "$ARTIST" '{"artist_name": $artist}'` and pipe its output to `curl -d @-`. | LLM | scripts/price.sh:34 |
| CRITICAL | Command Injection via Unsanitized User Input in Shell Script: The `ARTIST` argument, which is user-controlled input, is directly interpolated into a JSON payload within a `curl -d` command. This allows an attacker to inject arbitrary shell commands by crafting a malicious `ARTIST` value (e.g., by closing the JSON string and injecting shell metacharacters). This can lead to remote code execution on the host system. Sanitize user input before interpolating it into shell commands or JSON payloads. Use a JSON-aware tool like `jq` to construct JSON objects from variables, or properly escape all special characters (especially double quotes and backslashes) in the `$ARTIST` variable before embedding it in the JSON string. For example, use `jq -n --arg artist "$ARTIST" '{"artist_name": $artist}'` and pipe its output to `curl -d @-`. | LLM | scripts/sell.sh:40 |
| CRITICAL | Command Injection via Unsanitized User Input in Shell Script: The `ARTIST` and `SLIPPAGE` arguments, which are user-controlled inputs, are directly interpolated into a JSON payload within a `curl -d` command. This allows an attacker to inject arbitrary shell commands or manipulate the JSON structure by crafting malicious values. This can lead to remote code execution on the host system. Sanitize user input before interpolating it into shell commands or JSON payloads. Use a JSON-aware tool like `jq` to construct JSON objects from variables, or properly escape all special characters (especially double quotes and backslashes) in the `$ARTIST` variable and ensure `$SLIPPAGE` is a valid number before embedding them in the JSON string. For example, use `jq -n --arg artist "$ARTIST" --argjson slippage "$SLIPPAGE" '{"artist_name": $artist, "max_slippage_percent": $slippage}'` and pipe its output to `curl -d @-`. | LLM | scripts/sell.sh:60 |
| MEDIUM | Missing required field: name. The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/hans1329/ktrendz-skill/SKILL.md:1 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hans1329/ktrendz-skill/scripts/buy.sh:4 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hans1329/ktrendz-skill/scripts/price.sh:4 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hans1329/ktrendz-skill/scripts/sell.sh:4 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hans1329/ktrendz-skill/scripts/setup.sh:4 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hans1329/ktrendz-skill/scripts/tokens.sh:4 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/hans1329/ktrendz-skill/package.json |
Full report: https://skillshield.io/report/132ffcf2ea716772