Trust Assessment
mailgun received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that should be resolved before it is used in production.
SkillShield's automated analysis identified 8 findings: 4 critical, 1 high, 3 medium, and 0 low severity. They fall into two groups. The first is persistence / self-modification instructions (shell RC file modification), which the Manifest and Static layers both report for the same three locations: SKILL.md lines 8 and 19 and scripts/send_email.sh line 19, so six of the eight findings describe one pattern at three places. The report does not reproduce the matched text, so review those three lines to confirm what is written to a shell profile and whether the skill needs it at all. The second group is shell command injection via unsanitized script arguments in scripts/send_email.sh, with data exfiltration through the mail service as its consequence.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Description and remediation | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence. Remove any persistence mechanisms: skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/alphafactor/mailgun/SKILL.md:8 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence. Remove any persistence mechanisms: skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/alphafactor/mailgun/SKILL.md:19 |
| CRITICAL | Persistence / self-modification instructions | Shell RC file modification for persistence. Remove any persistence mechanisms: skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/alphafactor/mailgun/scripts/send_email.sh:19 |
| CRITICAL | Shell command injection via unsanitized script arguments | The `scripts/send_email.sh` script interpolates the user-provided arguments (`SUBJECT`, `BODY`, `TO`, `FROM`) into a `curl` command line. Double quoting does not help where the assembled command string is parsed a second time by a shell (for example through `eval` or `sh -c`): command substitution (`$(...)` or `` `...` ``) and command chaining (`;`, `&&`) are honoured in that second parse, so input such as `$(evil_command)` or `"; evil_command; echo "` in any of these arguments executes arbitrary commands on the host. A value handed to `curl` as a single argument with no re-parsing is not executed, so confirm which form the script uses. Remediation: pass each value to `curl` as its own argument and never re-parse a command string; additionally validate `SUBJECT`, `BODY`, `TO` and `FROM` strictly, rejecting shell metacharacters (`$`, `` ` ``, `;`, `|`, `&`, `<`, `>`, `(`, `)`), or build the external command in a language with safer argument handling. If a command string must be built in bash, quote each value with `printf %q` in combination with strict input filtering. | LLM | scripts/send_email.sh:20 |
| HIGH | Potential data exfiltration via command injection in script arguments | A direct consequence of the shell command injection (SS-LLM-003): input such as `$(cat /etc/passwd)` in `SUBJECT`, `BODY`, `TO` or `FROM` lets an attacker read files or environment variables on the host and place their contents in the message subject or body, exfiltrating them through the Mailgun service to an arbitrary recipient. Fixing the injection (argument passing without re-parsing, plus validation of all user-supplied arguments) closes this path. | LLM | scripts/send_email.sh:20 |
| MEDIUM | Persistence mechanism: Shell RC file modification | Detected a shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this pattern; skills should not modify system startup configuration. | Static | skills/alphafactor/mailgun/SKILL.md:8 |
| MEDIUM | Persistence mechanism: Shell RC file modification | Detected a shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this pattern; skills should not modify system startup configuration. | Static | skills/alphafactor/mailgun/SKILL.md:19 |
| MEDIUM | Persistence mechanism: Shell RC file modification | Detected a shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this pattern; skills should not modify system startup configuration. | Static | skills/alphafactor/mailgun/scripts/send_email.sh:19 |
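The two LLM-layer findings turn on whether the argument values reach `curl` through a second shell parse. The script below is an added example, not the skill's own `send_email.sh` (which the report does not reproduce) and not SkillShield code. It contrasts both shapes: `send_unsafe` assembles the command as one string and hands it to `sh -c`, so a subject of `$(echo INJECTED)` is executed even though the value sits inside double quotes in that string; `send_safe` passes each field as its own argument, where the same subject is only bytes in the HTTP body. It also uses `--form-string` instead of `-F`, because with `-F` a value beginning with `@` or `<` makes `curl` read a local file, a curl-level file-read path that exists independently of the shell. The endpoint and field names follow the Mailgun messages API; `MAILGUN_DOMAIN`, `MAILGUN_API_KEY`, the `CURL` override, the address check and the from/to/subject/body argument order are assumptions of the example, and all inputs are constructed.

```shell
#!/bin/sh
# Added example, not code from the mailgun skill or from SkillShield.
# MAILGUN_DOMAIN, MAILGUN_API_KEY, the CURL override and the
# from/to/subject/body argument order are assumptions of this example.
set -eu

: "${MAILGUN_DOMAIN:=example.invalid}"   # assumed env var
: "${MAILGUN_API_KEY:=key-placeholder}"  # assumed env var, placeholder value
: "${CURL:=curl}"   # set CURL=echo to inspect the command line offline

API_URL="https://api.mailgun.net/v3/$MAILGUN_DOMAIN/messages"

# The shape the finding warns about: the whole command is assembled as a
# string and handed to a second shell. That shell parses the string again,
# so a subject of '$(id)' runs id. The double quotes do not help because
# the attacker's text is already inside them when the inner shell looks.
send_unsafe() {
  sh -c "$CURL $API_URL --user api:$MAILGUN_API_KEY -F \"from=$1\" -F \"to=$2\" -F \"subject=$3\" -F \"text=$4\""
}

# Loose address check (local@domain.tld, no whitespace, quotes or ';'),
# deliberately not RFC 5322; it rejects the obvious shell-style payloads.
check_address() {
  case "$1" in
    ''|*[[:space:]]*|*'"'*|*"'"*|*';'*) return 1 ;;
    *@*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# The safe shape: each field is one argv element, expanded exactly once and
# never re-parsed, so metacharacters in it are just bytes in the request.
# --form-string instead of -F matters as well: with -F a value beginning
# with '@' or '<' tells curl to read a local file, so a body of
# '@/etc/passwd' would become a file upload without any shell involvement.
send_safe() {
  check_address "$1" || { echo "bad from address" >&2; return 2; }
  check_address "$2" || { echo "bad to address" >&2; return 2; }
  $CURL "$API_URL" \
    --user "api:$MAILGUN_API_KEY" \
    --form-string "from=$1" \
    --form-string "to=$2" \
    --form-string "subject=$3" \
    --form-string "text=$4"
}

# Demo with a constructed hostile subject; CURL=echo prints instead of
# sending. The unsafe form prints 'subject=INJECTED', the safe form prints
# the literal 'subject=$(echo INJECTED)'.
(
  CURL=echo
  send_unsafe 'ops@example.invalid' 'me@example.invalid' '$(echo INJECTED)' 'hello'
  send_safe   'ops@example.invalid' 'me@example.invalid' '$(echo INJECTED)' 'hello'
)
```

Run it with `CURL=echo` (as the demo at the bottom does) to see exactly which argv each form produces without contacting Mailgun; remove the override to send for real. The same argv-not-string rule is what makes the `printf %q` advice in the finding unnecessary: once values are never re-parsed there is nothing to quote for the shell, and validation is left to reject junk rather than to hold the line against injection.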
Full report: https://skillshield.io/report/a49a8be8df55d050