Trust Assessment
mcdonald received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Potential Command Injection via `curl` arguments" and "Credential Exfiltration via configurable `MCD_MCP_URL`".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via `curl` arguments.** The skill explicitly states it uses an 'exec' tool to execute `curl` commands. These commands construct JSON payloads with arguments (e.g., `page`, `pageSize` for `my-coupons`). If these arguments are derived from untrusted user input and directly interpolated into the `curl -d` string without proper shell escaping or JSON escaping, an attacker could inject shell metacharacters or malicious JSON to break out of the data payload and execute arbitrary commands on the host system. **Remediation:** Ensure all user-provided arguments passed to `curl -d` are strictly validated and properly escaped for both JSON and shell contexts before being included in the command string. Prefer using a dedicated HTTP client library that handles parameter serialization and execution securely over raw shell `curl` commands. Implement strict input sanitization for all parameters that can be influenced by user input. | LLM | SKILL.md:40 |
| HIGH | **Credential Exfiltration via configurable `MCD_MCP_URL`.** The skill passes the sensitive `MCD_TOKEN` in the `Authorization` header of `curl` requests. The target URL, `MCD_MCP_URL`, is configurable (defaulting to `https://mcp.mcd.cn`). If an attacker can manipulate the `MCD_MCP_URL` (e.g., through prompt injection to set an environment variable or a skill configuration parameter), they could redirect the `curl` command, including the `MCD_TOKEN`, to a malicious server they control, thereby exfiltrating the credential. **Remediation:** Implement strict validation and allowlisting for `MCD_MCP_URL` to ensure it only points to trusted domains. Prevent untrusted input from modifying this configuration. Consider using a secure credential management system instead of environment variables for sensitive tokens, or ensure the skill runtime provides secure mechanisms for passing credentials that are not susceptible to URL redirection. | LLM | SKILL.md:28 |