Security Audit

meeting-minutes-generator

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

meeting-minutes-generator received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Potential Prompt Injection via Markdown Generation, Arbitrary File Write via `export_all_actions`.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
HIGH	Arbitrary File Write via `export_all_actions` The `export_all_actions` method allows writing an Excel file to an arbitrary `output_path` provided by the user. This poses a significant security risk, as a malicious actor could specify paths to sensitive system locations (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`), overwrite critical files, or write to network shares for data exfiltration. This constitutes both an excessive permission and a data exfiltration risk. Restrict the `output_path` to a predefined, sandboxed directory that is inaccessible to other parts of the system. Implement strict path validation to prevent directory traversal attacks (e.g., `../`, absolute paths outside the sandbox). Consider using a temporary file system or a dedicated output directory for all generated files.	LLM	SKILL.md:238
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/datadrivenconstruction/meeting-minutes-generator/SKILL.md:1
MEDIUM	Potential Prompt Injection via Markdown Generation The `generate_minutes_document` method constructs a markdown string by directly embedding various user-provided data fields (e.g., `title`, `discussion`, `description`, `name`, `company`, `role`, `presenter`, `assigned_to`). If this generated markdown is subsequently fed into an LLM without proper sanitization or instruction framing, a malicious user could inject new instructions or manipulate the LLM's behavior by crafting specific inputs for these fields. Implement robust input sanitization for all user-controlled text fields before they are incorporated into the generated markdown. Alternatively, ensure that any downstream LLM calls that consume this markdown explicitly treat it as data/content rather than instructions, for example, by wrapping it in specific data tags or using a dedicated content-only input parameter.	LLM	SKILL.md:190

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5d0b88e2b7da7aa8.svg)](https://skillshield.io/report/5d0b88e2b7da7aa8)