Security Audit

opensysinfo-skill

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

opensysinfo-skill received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via user-controlled DISK_PATH, JSON Injection in fallback output due to unescaped user input.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Filesystem Write

2 findings

Shell Execution

1 finding

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Command Injection via user-controlled DISK_PATH The `DISK_PATH` variable, which is directly controlled by user input via the `--disk` option, is used without sufficient sanitization in `df` commands. An attacker can inject shell metacharacters (e.g., `;`, `\|`, `$(...)`) into `DISK_PATH` to execute arbitrary commands on the host system. Sanitize the `DISK_PATH` variable to ensure it contains only valid path characters and does not include shell metacharacters. Alternatively, use a more robust method for passing arguments to `df` that prevents shell interpretation, or strictly validate the input against a whitelist of allowed characters for paths.	LLM	scripts/sysinfo.sh:100
MEDIUM	JSON Injection in fallback output due to unescaped user input When `python3` is not available and the script falls back to `printf` for JSON output, user-controlled variables such as `OS_NAME`, `OS_RELEASE`, `OS_ARCH`, `DISTRO`, and `DISK_PATH` are directly interpolated into JSON string values without proper escaping. This allows an attacker to inject arbitrary JSON fragments, potentially breaking the JSON structure or manipulating the data presented to the consumer. Ensure all user-controlled or dynamically generated string values are properly escaped before being included in JSON output. The `esc()` function defined earlier in the script should be used for all string values in the `printf` based JSON fallback. A more robust solution is to always rely on a dedicated JSON library (like Python's `json.dumps`) for generating JSON output, as it handles all necessary escaping automatically.	LLM	scripts/sysinfo.sh:180

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/67255fb8d5ef2451.svg)](https://skillshield.io/report/67255fb8d5ef2451)