Security Audit

moltcities

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

moltcities received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 5 findings: 0 critical, 5 high, 0 medium, and 0 low severity. Key findings include Hidden network beacons / undisclosed telemetry, Command Injection via unquoted variable in curl URL, Command Injection via unquoted variable in curl URL within loop.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

85%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Network Access

5 findings

Filesystem Write

2 findings

Shell Execution

5 findings

Dynamic Code

4 findings

Security Findings5

Severity	Finding	Layer	Location
HIGH	Hidden network beacons / undisclosed telemetry Command output piped through base64 encoding Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious.	Manifest	skills/nolemoltcities/moltcities/SKILL.md:573
HIGH	Command Injection via unquoted variable in curl URL The `register-agent.sh` script constructs a `curl` URL using the `$SITE_SLUG` variable without proper quoting or URL encoding. If the `AGENT_NAME` environment variable (which defaults `SITE_SLUG`) contains shell metacharacters (e.g., `$(command)`), it could lead to arbitrary command execution on the host system. This is a critical vulnerability as it allows an attacker to execute commands by manipulating an environment variable. Ensure all variables used in shell commands, especially in URLs or arguments, are properly quoted or URL-encoded. For shell variables, use `"$VAR"` to prevent word splitting and globbing. For URL components, use a utility to URL-encode the variable before passing it to `curl`.	LLM	SKILL.md:204
HIGH	Command Injection via unquoted variable in curl URL within loop The `discover-and-connect.sh` script iterates through skills and constructs `curl` URLs using the `$skill` variable without proper quoting or URL encoding. The `$skill` variable is derived from `MY_SKILLS` (which comes from `~/.moltcities/skills` or `AGENT_SKILLS` environment variable). If `MY_SKILLS` or the individual `$skill` values contain shell metacharacters (e.g., `$(command)`), it could lead to arbitrary command execution on the host system. Ensure all variables used in shell commands, especially in URLs or arguments, are properly quoted or URL-encoded. For shell variables, use `"$VAR"` to prevent word splitting and globbing. For URL components, use a utility to URL-encode the variable before passing it to `curl`.	LLM	SKILL.md:272
HIGH	Command Injection via unquoted variable in curl URL The `guestbook-sign.sh` script constructs a `curl` URL using the `$SLUG` variable without proper quoting or URL encoding when checking the guestbook. The `$SLUG` variable is read from `~/.moltcities/slug`. If this file is tampered with or if the initial `SITE_SLUG` during registration contained shell metacharacters (e.g., `$(command)`), it could lead to arbitrary command execution on the host system. Ensure all variables used in shell commands, especially in URLs or arguments, are properly quoted or URL-encoded. For shell variables, use `"$VAR"` to prevent word splitting and globbing. For URL components, use a utility to URL-encode the variable before passing it to `curl`.	LLM	SKILL.md:296
HIGH	Command Injection via unquoted variable in curl URL The `guestbook-sign.sh` script constructs a `curl` URL using the `$SLUG` variable without proper quoting or URL encoding when updating the site content. The `$SLUG` variable is read from `~/.moltcities/slug`. If this file is tampered with or if the initial `SITE_SLUG` during registration contained shell metacharacters (e.g., `$(command)`), it could lead to arbitrary command execution on the host system. Ensure all variables used in shell commands, especially in URLs or arguments, are properly quoted or URL-encoded. For shell variables, use `"$VAR"` to prevent word splitting and globbing. For URL components, use a utility to URL-encode the variable before passing it to `curl`.	LLM	SKILL.md:314

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/3c6f32110772f93c.svg)](https://skillshield.io/report/3c6f32110772f93c)