Trust Assessment
moonpay received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Hidden network beacons / undisclosed telemetry", "Command Injection via Transaction ID in URL", and "Command Injection in Webhook Verification Payload".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection in Webhook Verification Payload: The `verify_webhook` function takes `payload` as an argument, which is then directly used in `echo -n "$payload"` within a subshell (`$(...)`). If this `payload` comes from an untrusted source (e.g., a webhook body), an attacker can inject shell metacharacters (e.g., `$(evil_command)`) into the payload to execute arbitrary commands on the host system. This is a critical vulnerability as webhooks are typically exposed to external, untrusted data. Avoid direct interpolation of untrusted input into shell commands. If shell execution is necessary, use `printf %q` to properly quote and escape the input, or pass the payload via standard input to `openssl` directly (e.g., `echo -n "$payload" \| openssl ...`). Better yet, perform cryptographic operations in a language runtime (e.g., Python, Node.js) that offers safer APIs for HMAC calculation without shell execution. | LLM | SKILL.md:169 |
| HIGH | Hidden network beacons / undisclosed telemetry: Command output piped through base64 encoding. Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/0xterrybit/moonpay/SKILL.md:168 |
| HIGH | Command Injection via Transaction ID in URL: The `TX_ID` variable is directly interpolated into the `curl` command's URL path. If `TX_ID` originates from untrusted input (e.g., user input), an attacker could inject shell metacharacters (e.g., `'; rm -rf /; #'`) to execute arbitrary commands on the host system. This pattern is a common vector for command injection. Sanitize or properly escape `TX_ID` before using it in the `curl` command. For URL paths, ensure it's URL-encoded. For shell execution, use `printf %q` or similar shell-specific escaping mechanisms, or prefer using a language's HTTP client library that handles parameterization safely. | LLM | SKILL.md:105 |