Trust Assessment
lightweight-kb received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Command Injection via Unsanitized Grep Argument" and "Excessive Permissions: Hardcoded Root Workspace Path".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 56/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Command Injection via Unsanitized Grep Argument.** The `query.sh` script directly interpolates user-provided input (`$keyword`) into a `grep` command without proper escaping or sanitization. This allows for command injection via command substitution (e.g., `$(command)` or `` `command` ``), enabling an attacker to execute arbitrary shell commands or exfiltrate sensitive data (e.g., `$(cat /etc/passwd)`). To prevent command injection, ensure that user-controlled input is properly quoted or sanitized before being passed to shell commands. For `grep`, consider using `grep -F` if searching for fixed strings, or escape special characters in the keyword. A safer approach would be to use `printf '%s\n' "$keyword" \| grep -i -F -f - "$profile_file"` to pass the keyword as a literal pattern. | LLM | scripts/query.sh:36 |
| HIGH | **Command Injection via Unsanitized Grep Argument.** The `query.sh` script directly interpolates user-provided input (`$keyword`) into a `grep` command without proper escaping or sanitization. This allows for command injection via command substitution (e.g., `$(command)` or `` `command` ``), enabling an attacker to execute arbitrary shell commands or exfiltrate sensitive data (e.g., `$(cat /etc/passwd)`). To prevent command injection, ensure that user-controlled input is properly quoted or sanitized before being passed to shell commands. For `grep`, consider using `grep -F` if searching for fixed strings, or escape special characters in the keyword. A safer approach would be to use `printf '%s\n' "$keyword" \| grep -i -F -f - "$task_file"` to pass the keyword as a literal pattern. | LLM | scripts/query.sh:55 |
| MEDIUM | **Excessive Permissions: Hardcoded Root Workspace Path.** The skill's scripts (`daily_evolve.sh` and `init.sh`) hardcode the `WORKSPACE_DIR` to `/root/.openclaw/workspace`. This implies that the skill expects to run with root privileges or have direct access to the `/root` directory, which is typically the home directory of the superuser. Running applications with unnecessary root privileges increases the attack surface and the potential impact of any vulnerability. It also creates an assumption about the execution environment that might not always be true or secure. Change `WORKSPACE_DIR` to a non-privileged, dedicated application data directory (e.g., `/var/lib/openclaw/workspace`, `/opt/openclaw/workspace`, or a directory within the skill's own structure if it doesn't need to be global). Ensure the skill runs with the least necessary privileges. | LLM | scripts/daily_evolve.sh:4 |
| MEDIUM | **Excessive Permissions: Hardcoded Root Workspace Path.** The skill's scripts (`daily_evolve.sh` and `init.sh`) hardcode the `WORKSPACE_DIR` to `/root/.openclaw/workspace`. This implies that the skill expects to run with root privileges or have direct access to the `/root` directory, which is typically the home directory of the superuser. Running applications with unnecessary root privileges increases the attack surface and the potential impact of any vulnerability. It also creates an assumption about the execution environment that might not always be true or secure. Change `WORKSPACE_DIR` to a non-privileged, dedicated application data directory (e.g., `/var/lib/openclaw/workspace`, `/opt/openclaw/workspace`, or a directory within the skill's own structure if it doesn't need to be global). Ensure the skill runs with the least necessary privileges. | LLM | scripts/init.sh:4 |