Trust Assessment
openclaw-setup received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via Unsanitized User Input in Environment Variable Assignment, Command Injection via Unsanitized User Input in Environment Variable Assignment (Verification), Command Injection via Unsanitized Domain Name in Certbot Command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Command Injection via Unsanitized User Input in Environment Variable Assignment | The skill instructs the LLM to execute shell commands where user-provided values for `GOG_KEYRING_PASSWORD` and `GOG_ACCOUNT` are directly assigned as environment variables. If these user inputs contain shell metacharacters (e.g., `my_pass; malicious_command`), they can break out of the environment variable assignment and execute arbitrary commands before the `gog` utility is even invoked. This is a direct and severe command injection vulnerability. | Instruct the LLM to strictly sanitize or escape user-provided `<password>` and `<user-email>` values to prevent shell metacharacter interpretation. Ideally, use a method that does not involve direct shell variable assignment with unsanitized user input, or ensure the LLM uses robust quoting/escaping mechanisms. | LLM | SKILL.md:160 |
| CRITICAL | Command Injection via Unsanitized User Input in Environment Variable Assignment (Verification) | Similar to the previous finding, the skill instructs the LLM to execute verification commands where user-provided values for `GOG_KEYRING_PASSWORD` and `GOG_ACCOUNT` are directly assigned as environment variables. This presents the same critical command injection vulnerability if the user inputs contain shell metacharacters. | Instruct the LLM to strictly sanitize or escape user-provided `<password>` and `<user-email>` values to prevent shell metacharacter interpretation. Ideally, use a method that does not involve direct shell variable assignment with unsanitized user input, or ensure the LLM uses robust quoting/escaping mechanisms. | LLM | SKILL.md:164 |
| HIGH | Command Injection via Unsanitized Domain Name in Certbot Command | The skill instructs the LLM to execute a `certbot` command using a user-provided domain name. If the user provides a malicious string containing shell metacharacters (e.g., `example.com; rm -rf /`), it could lead to arbitrary command execution on the server. The skill does not include instructions for sanitizing this input. | Instruct the LLM to sanitize the `<domain>` input before using it in the command, for example, by ensuring it only contains valid domain characters or by quoting it appropriately if the command supports it. | LLM | SKILL.md:180 |
| MEDIUM | Potential Command Injection via Unsanitized User Input in Systemd Environment Variables | The skill instructs the LLM to create a systemd service file using a heredoc, which includes user-provided values for `GOG_KEYRING_PASSWORD` and `GOG_ACCOUNT` as environment variables. While `tee` with a quoted heredoc is generally safe for the file content itself, the LLM's process of substituting user input into these placeholders, especially if it were to use a less secure method than direct string replacement (e.g., `sed`), or if the systemd service itself were to interpret these environment variables as shell commands, could lead to command injection. The primary risk is in the LLM's implementation of the substitution. | Instruct the LLM to ensure that any user-provided values inserted into configuration files, especially those that might be interpreted by a shell or other command processor, are properly escaped or quoted according to the target format's rules. For systemd `Environment=` directives, values should be quoted if they contain spaces or special characters, and any shell metacharacters should be escaped. | LLM | SKILL.md:219 |