Security Audit

monitor-gen

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

monitor-gen received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Direct User Input Leads to Prompt Injection.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

93%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Direct User Input Leads to Prompt Injection The `ai-monitoring` CLI tool takes a `<description>` argument directly from the user (`src/cli.ts`, line 12). This untrusted input is then passed without any sanitization or validation to the `generate` function (`src/cli.ts`, line 14). Inside `src/index.ts` (line 7), this `description` is directly inserted as the `content` for the `user` role in an OpenAI chat completion API call. This direct injection allows an attacker to manipulate the underlying Large Language Model (LLM) by crafting malicious input, potentially overriding the system prompt, generating unintended or harmful content, or attempting to extract information from the LLM's context. Implement robust input validation and sanitization for the `description` argument before it is passed to the LLM. Consider using a separate moderation API or an LLM-based guardrail to detect and filter out malicious prompts. Structure the LLM prompt to minimize the impact of user input on system instructions, for example, by using few-shot examples or separating user input into distinct, constrained variables.	LLM	src/index.ts:7
MEDIUM	Unpinned npm dependency version Dependency 'commander' is not pinned to an exact version ('^12.1.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/lxgicstudios/monitor-gen/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/95794e29a244fbc7.svg)](https://skillshield.io/report/95794e29a244fbc7)