Trust Assessment
permanent-note-generator received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unrestricted File/URL Access for Article Input.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unrestricted File/URL Access for Article Input: The skill instructs the LLM to process user-provided article content, which can be supplied as a '文件路径 (file path)' or 'URL'. If the underlying LLM agent framework allows unrestricted access to the file system or arbitrary network requests based on these user inputs, a malicious user could provide paths to sensitive system files (e.g., `/etc/passwd`, `/proc/self/environ`) or URLs pointing to internal network resources. This could lead to unauthorized data exfiltration, Server-Side Request Forgery (SSRF), or other forms of information disclosure. The skill does not specify any mechanisms for input validation, sandboxing, or access control for these external resources. The agent framework should implement strict validation and sandboxing for user-provided file paths and URLs. File access should be restricted to designated, non-sensitive input directories. URL fetching should be limited to whitelisted domains, use a secure proxy, or be disabled if not strictly necessary. Ensure the LLM's tools for reading files/URLs are not vulnerable to path traversal or command injection. | LLM | SKILL.md:78 |