Security Audit

ntopng-admin

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

ntopng-admin received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 6 findings: 3 critical, 3 high, 0 medium, and 0 low severity. Key findings include Remote Command Injection via Unsanitized User Input in SSH Commands, Local Command Injection via Unsanitized User Input in `grep`, Misleading Security Claim: 'Input Sanitization'.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

Behavioral Risk Signals

Shell Execution

6 findings

Dynamic Code

6 findings

Excessive Permissions

3 findings

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Remote Command Injection via Unsanitized User Input in SSH Commands The `ssh_opnsense` function executes a single string on the remote OPNsense host. User-controlled variables (`$mac`, `$ip`, `$app`) are embedded directly into single-quoted strings within these remote commands. If an attacker provides input containing a single quote ('), they can break out of the quoted string and inject arbitrary shell commands to be executed on the remote system with the privileges of the SSH user (root). This bypasses the intended command structure and allows for full remote code execution. Modify the calls to `ssh_opnsense` to pass the remote command and its arguments as separate parameters, allowing `ssh` to handle proper quoting for the remote shell. For example, instead of `ssh_opnsense "redis-cli get 'ntopng.serialized_macs.ifid_0_${mac}'"`, use `ssh_opnsense redis-cli get "ntopng.serialized_macs.ifid_0_${mac}"`. Additionally, implement strict input validation (e.g., regex for MAC/IP addresses, alphanumeric for app names) for all user-controlled variables before they are used in any command.	LLM	scripts/ntopng-helper.sh:74
CRITICAL	Remote Command Injection via Unsanitized User Input in SSH Commands The `ssh_opnsense` function executes a single string on the remote OPNsense host. User-controlled variables (`$mac`, `$ip`, `$app`) are embedded directly into single-quoted strings within these remote commands. If an attacker provides input containing a single quote ('), they can break out of the quoted string and inject arbitrary shell commands to be executed on the remote system with the privileges of the SSH user (root). This bypasses the intended command structure and allows for full remote code execution. Modify the calls to `ssh_opnsense` to pass the remote command and its arguments as separate parameters, allowing `ssh` to handle proper quoting for the remote shell. For example, instead of `ssh_opnsense "grep '$ip' /var/db/ntopng/ntopng.log"`, use `ssh_opnsense grep "$ip" /var/db/ntopng/ntopng.log`. Additionally, implement strict input validation (e.g., regex for MAC/IP addresses, alphanumeric for app names) for all user-controlled variables before they are used in any command.	LLM	scripts/ntopng-helper.sh:99
CRITICAL	Remote Command Injection via Unsanitized User Input in SSH Commands The `ssh_opnsense` function executes a single string on the remote OPNsense host. User-controlled variables (`$mac`, `$ip`, `$app`) are embedded directly into single-quoted strings within these remote commands. If an attacker provides input containing a single quote ('), they can break out of the quoted string and inject arbitrary shell commands to be executed on the remote system with the privileges of the SSH user (root). This bypasses the intended command structure and allows for full remote code execution. Modify the calls to `ssh_opnsense` to pass the remote command and its arguments as separate parameters, allowing `ssh` to handle proper quoting for the remote shell. For example, instead of `ssh_opnsense "grep -i '$app' /var/db/ntopng/ntopng.log"`, use `ssh_opnsense grep -i "$app" /var/db/ntopng/ntopng.log`. Additionally, implement strict input validation (e.g., regex for MAC/IP addresses, alphanumeric for app names) for all user-controlled variables before they are used in any command.	LLM	scripts/ntopng-helper.sh:120
HIGH	Local Command Injection via Unsanitized User Input in `grep` User-controlled input (`$mac`, `$ip`) is used directly within local `grep` commands without sufficient sanitization or validation. If an attacker provides input containing shell command substitution patterns (e.g., `$(command)` or `` `command` ``), the embedded command will be executed on the local host where the skill is running. This allows for local code execution. Implement strict input validation for `$target` (which becomes `$mac` or `$ip`) using regex patterns to ensure it conforms to expected MAC or IP address formats before it is used in any command. For `grep` specifically, using `grep -- "$var"` can help prevent option injection, but robust input validation is essential to prevent command substitution.	LLM	scripts/ntopng-helper.sh:58
HIGH	Local Command Injection via Unsanitized User Input in `grep` User-controlled input (`$mac`, `$ip`) is used directly within local `grep` commands without sufficient sanitization or validation. If an attacker provides input containing shell command substitution patterns (e.g., `$(command)` or `` `command` ``), the embedded command will be executed on the local host where the skill is running. This allows for local code execution. Implement strict input validation for `$target` (which becomes `$mac` or `$ip`) using regex patterns to ensure it conforms to expected MAC or IP address formats before it is used in any command. For `grep` specifically, using `grep -- "$var"` can help prevent option injection, but robust input validation is essential to prevent command substitution.	LLM	scripts/ntopng-helper.sh:62
HIGH	Misleading Security Claim: 'Input Sanitization' The `SKILL.md` documentation explicitly states under 'Security Implementation' that 'Input Sanitization: Arguments are filtered to prevent shell injection attempts.' However, the accompanying `scripts/ntopng-helper.sh` contains multiple instances of both local and remote command injection vulnerabilities due to insufficient input sanitization and improper command construction. This discrepancy creates a false sense of security regarding the skill's robustness against injection attacks. Either implement robust input sanitization and secure command execution practices in `scripts/ntopng-helper.sh` to genuinely prevent shell injection attempts, or update the `SKILL.md` documentation to accurately reflect the current security posture and known vulnerabilities of the skill.	LLM	SKILL.md

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/edb674f3a526d198.svg)](https://skillshield.io/report/edb674f3a526d198)