Trust Assessment
last30days received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Command Injection via the `bird` CLI with unsanitized user input, and Potential Data Exfiltration of X/Twitter cookies via the `bird` CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via `bird` CLI with unsanitized user input. The skill directly executes a shell command `bird search "[topic]" -n 10 --plain`. The `[topic]` argument is intended to be user-provided input. If this input is not properly sanitized or escaped before being passed to the shell, an attacker can inject arbitrary shell commands by including metacharacters (e.g., `;`, `|`, `&`, `$(...)`) within the `[topic]` string. This could lead to arbitrary code execution on the host system. Implement robust input sanitization for the `[topic]` variable before passing it to the `bird` command. Ensure all user-controlled arguments are properly quoted and escaped to prevent shell metacharacter interpretation. Ideally, use a library or API that handles argument escaping, or consider an alternative method that avoids direct shell execution with user-controlled input. | LLM | SKILL.md:42 |
| HIGH | Potential Data Exfiltration of X/Twitter cookies via `bird` CLI. The skill notes that 'Bird requires X/Twitter cookies (already configured)'. While not a direct exfiltration, the presence of these sensitive credentials, combined with the command injection vulnerability identified in the `bird search` command, creates a high risk. An attacker exploiting the command injection could potentially access and exfiltrate these cookies or other sensitive files accessible to the `bird` process, leading to account compromise or further system access. In addition to sanitizing input for command execution, ensure that the `bird` CLI runs with the minimum necessary permissions and in a sandboxed environment. Re-evaluate whether `bird` needs direct access to cookies, or whether an API-based approach could be used to interact with X/Twitter without exposing sensitive local credentials to a potentially vulnerable CLI tool. | LLM | SKILL.md:76 |