Trust Assessment
peaq-robotics received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 10 findings: 4 critical, 1 high, 4 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Sensitive environment variable access: $HOME", and "Command Injection via unescaped arguments in 'ros2 service call'".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (10)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/lavish0000/peaq-robotics/scripts/lib/config.sh:68 |
| CRITICAL | Network egress to untrusted endpoints. HTTP request to raw IP address. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/lavish0000/peaq-robotics/scripts/lib/config.sh:69 |
| CRITICAL | Command Injection via unescaped arguments in 'ros2 service call'. Multiple commands in 'peaq_ros2.sh' construct 'ros2 service call' commands by embedding shell arguments directly into single-quoted strings without proper escaping. If any of these arguments (e.g., '$metadata_json', '$to_address', '$amount', '$key', '$value_json', '$role', '$description', '$permission', '$user', '$from_address') contain a single quote (') or other shell metacharacters (like ';', '`', '$()', newline), it will break out of the string and allow arbitrary command execution. This is particularly dangerous as the 'read_json_arg' function, used for JSON arguments, can return raw file content (if the file is not valid JSON), effectively injecting arbitrary file content into the shell command. Properly escape all shell arguments before embedding them into commands. For JSON strings, use 'jq' to construct the JSON and pass it via stdin or a temporary file to 'ros2 service call' if it supports it. For other string arguments, ensure they are properly quoted and escaped, for example, by replacing single quotes with '\'' or using 'printf %q' for full shell escaping. This vulnerability affects 'did-create', 'identity-card-did-create', 'fund', 'store-add', 'access-create-role', 'access-create-permission', 'access-assign-permission', 'access-grant-role', and 'tether-usdt-transfer' commands. | LLM | scripts/peaq_ros2.sh:140 |
| CRITICAL | Command Injection via unescaped agent ID in 'openclaw agent' command. The 'fund-request-send' command in 'peaq_ros2.sh' constructs an 'openclaw agent' command by embedding the '$funder_agent_id' variable directly without proper shell escaping. If '$funder_agent_id' contains shell metacharacters (e.g., ';', '&', '\|', '$(...)', '`'), it can lead to arbitrary command execution on the host system. Ensure the '$funder_agent_id' variable is properly quoted and escaped for shell execution. A robust method is to use 'printf %q "$funder_agent_id"' to safely embed the variable into the command string. | LLM | scripts/peaq_ros2.sh:164 |
| HIGH | Data Exfiltration via arbitrary file read in 'read_json_arg'. The 'read_json_arg' function in 'scripts/lib/utils.sh' allows reading the content of arbitrary files by prefixing the argument with '@' (e.g., '@/etc/passwd'). The function attempts to parse the file content as JSON, but if parsing fails, it returns the raw content. This capability can be exploited by an attacker to exfiltrate sensitive files from the system where the skill is executed. This exfiltrated data is then passed to other commands, potentially exacerbating other vulnerabilities like command injection. Restrict file access to a specific, sandboxed directory or disallow reading arbitrary files via the '@' syntax. If file reading is necessary, implement strict validation of file paths to prevent directory traversal and access to sensitive system files (e.g., by checking against a whitelist of allowed directories or file types). | LLM | scripts/lib/utils.sh:69 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lavish0000/peaq-robotics/scripts/lib/env.sh:10 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lavish0000/peaq-robotics/scripts/lib/install.sh:192 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lavish0000/peaq-robotics/scripts/peaq_ros2.sh:104 |
| MEDIUM | Supply Chain Risk via configurable repository URL/reference. The skill's installation process allows overriding the 'peaq-robotics-ros2' repository URL and reference via the 'PEAQ_ROS2_REPO_URL' and 'PEAQ_ROS2_REPO_REF' environment variables. If an attacker can control these environment variables, they could trick the system into cloning and building a malicious version of the repository, introducing a supply chain vulnerability. Pin the repository URL and reference to known, trusted values within the skill's code. If overrides are necessary, implement strict validation of the provided URLs and references (e.g., only allow specific domains, check for known good hashes, or require manual approval for changes). | LLM | SKILL.md:29 |
| INFO | Excessive Permissions: Sourcing setup scripts from configurable root. The 'ensure_env' function in 'scripts/lib/env.sh' sources '$ROS_SETUP' and '$WS_SETUP'. While '$ROS_SETUP' defaults to a system path, '$WS_SETUP' is derived from '$ROOT/install/setup.bash'. If the 'PEAQ_ROS2_ROOT' environment variable (which can be overridden by users) points to an attacker-controlled directory, a malicious 'setup.bash' script could be sourced, leading to arbitrary code execution. This represents a potential privilege escalation or code execution vector if the environment is compromised. Validate 'PEAQ_ROS2_ROOT' to ensure it points to a trusted location. Consider using a more isolated environment for sourcing setup scripts or explicitly listing allowed paths. Implement checks to verify the integrity of sourced scripts. | LLM | scripts/lib/env.sh:68 |