Trust Assessment
OpenAirtime received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 0 medium, and 1 low severity. The key findings are "Potential Command Injection via unsanitized user input in shell commands" and "Information Disclosure: Absolute file paths in skill definition".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Potential Command Injection via unsanitized user input in shell commands.** The skill instructs the LLM to construct and execute shell commands using `node` with arguments that are likely derived from user input (e.g., 'Your message here', 'Your reply here', CAST_HASH, FID, CLAIM_CODE, PHONE_NUMBER). If these inputs are not rigorously sanitized by the LLM before being passed to the shell, a malicious user could inject arbitrary shell commands, leading to remote code execution. The skill provides no explicit instructions for sanitization. Recommendation: the LLM must be explicitly instructed to sanitize all user-provided inputs (e.g., CAST_HASH, message content, FID, CLAIM_CODE, PHONE_NUMBER) by escaping shell metacharacters before incorporating them into shell commands. A more robust solution is to abstract these commands into dedicated tool functions that handle argument passing securely, rather than relying on direct shell command construction by the LLM. | LLM | SKILL.md:30 |
| LOW | **Information Disclosure: Absolute file paths in skill definition.** The skill definition exposes absolute Windows file paths (e.g., `c:\Users\LOYAL\Documents\openairtime\scripts\farcaster.js`) for the scripts it intends to execute. This leaks information about the internal structure of the development or deployment environment, which is generally not recommended for portable or publicly distributed skills. While not directly sensitive user data, it provides reconnaissance information that could be used in targeted attacks. Recommendation: replace absolute paths with relative paths if the scripts are part of the skill package, or abstract the script execution through a tool definition that does not expose the underlying file system structure. For example, define a tool `farcaster_post(message)` instead of instructing the LLM to construct the `node` command directly with paths. | LLM | SKILL.md:30 |
Report: https://skillshield.io/report/c97b1ab40fa485cd