Trust Assessment
openclaw-gen received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via user-controlled 'prompt' and 'node' binary.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via user-controlled 'prompt' and 'node' binary | LLM | SKILL.md:41 |

The skill's manifest explicitly declares a dependency on the `node` binary (`"bins": ["node"]`), granting it the capability to execute arbitrary JavaScript/TypeScript code on the host system. The `SKILL.md` describes the agent invoking the `llm-task` tool with a `prompt` parameter that is explicitly derived from user input ("用户需求描述", i.e. "user requirement description"). If the `llm-task` tool or the underlying `openclaw-gen` implementation processes this user-controlled `prompt` using `node` without robust sanitization, it could lead to arbitrary command execution on the host system. This allows an attacker to potentially execute malicious code, access files, or perform other unauthorized actions.

1. **Input Sanitization**: Implement strict input validation and sanitization for the `prompt` parameter within the `llm-task` tool. Never directly execute user-controlled strings as code or pass them unsanitized to shell commands.
2. **Least Privilege**: If `node` is used, ensure the execution environment is sandboxed or containerized to limit its capabilities and prevent unauthorized system access.
3. **Review `llm-task` Implementation**: Thoroughly review the source code of `llm-task` and `openclaw-gen` to ensure that user input is handled securely and does not lead to arbitrary code execution.