Trust Assessment
p2p-comm received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 2 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Sensitive environment variable access: $HOME, Command Injection via unsanitized arguments to Node.js child process.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js child_process require Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chenkuansun/openclaw-p2p/p2p.js:14 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/chenkuansun/openclaw-p2p/p2p.js:21 | |
| CRITICAL | Command Injection via unsanitized arguments to Node.js child process The `p2p.js` script executes a Node.js child process using `execFileSync` and directly passes `process.argv.slice(2)` as arguments to it. This means any user-controlled input provided to `p2p.js` (e.g., agentId, topic, message content from SKILL.md examples) can be interpreted as Node.js command-line arguments. An attacker can inject malicious Node.js flags like `--eval` or `--require` to execute arbitrary code within the agent's environment. Sanitize or validate all user-provided arguments before passing them to `execFileSync`. Ensure that only expected arguments are passed and that no Node.js-specific flags can be injected. Consider using a more robust argument parsing library that explicitly separates options from positional arguments, or whitelist allowed arguments. | LLM | p2p.js:19 | |
| HIGH | Excessive Permissions: All environment variables passed to child process The `execFileSync` call explicitly passes `env: process.env`, which means the child Node.js process inherits all environment variables from the parent process. If the parent process (the LLM agent's runtime) contains sensitive information like API keys, database credentials, or cloud access tokens in its environment, the child process will have full access to them. Combined with the command injection vulnerability, this allows an attacker to easily exfiltrate these sensitive environment variables. Explicitly define a minimal set of environment variables required by the child process instead of passing `process.env` entirely. For example, `env: { PATH: process.env.PATH, P2P_RELAY_URL: process.env.P2P_RELAY_URL }`. Avoid passing sensitive credentials via environment variables if possible, or ensure they are not exposed to untrusted child processes. | LLM | p2p.js:20 | |
| HIGH | Potential Data Exfiltration via command injection and identity file access The skill mentions persisting identity to `~/.openclaw/p2p-identity.json`. With the identified command injection vulnerability, an attacker could craft a payload to read the contents of this sensitive identity file or any other accessible file on the system. The `sendfile` command, which takes base64-encoded content, could then be leveraged to exfiltrate the read data, or a custom Node.js payload could send the data over the network. Address the underlying command injection vulnerability. Additionally, ensure that sensitive files like `p2p-identity.json` are protected with appropriate file system permissions and that the skill's runtime environment has minimal necessary privileges. Implement strict input validation for all commands that handle file paths or content. | LLM | SKILL.md:10 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/chenkuansun/openclaw-p2p/SKILL.md:14 |
Scan History
Embed Code
[](https://skillshield.io/report/cd760445ddf348b7)
Powered by SkillShield