Trust Assessment
picnic received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. In severity order they are: sensitive credentials exposed via CLI arguments (high), a two-factor authentication code exposed via CLI arguments (medium), and an unpinned npm dependency version (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sensitive credentials exposed via CLI arguments. The `login` command requires the user's email and password to be passed directly as command-line arguments. This exposes the credentials in process listings (`ps aux`), shell history files and potentially in logs, where other users or processes on the system could read them. The `SKILL.md` explicitly instructs the LLM to use this method. Fix: change `login` to read the credentials from environment variables (e.g. `PICNIC_EMAIL`, `PICNIC_PASSWORD`) or to prompt for them (less suitable for LLM skills). Environment variables are still readable by processes running as the same user, so this narrows rather than eliminates exposure, but it keeps the values out of history files and process listings. | LLM | picnic-cli.mjs:70 |
| MEDIUM | Unpinned npm dependency version. Dependency `picnic-api` is not pinned to an exact version (`^3.2.0`), so a fresh install may resolve to any later 3.x release. Pin dependencies to exact versions to reduce drift and supply-chain risk. Pinning in `package.json` only covers direct dependencies; commit a lockfile (`package-lock.json`) and install with `npm ci` so transitive packages and their integrity hashes are fixed as well. | Dependencies | skills/mpociot/picnic/package.json |
| MEDIUM | Two-factor authentication code exposed via CLI arguments. The `verify-2fa` command requires the 2FA code to be passed directly as a command-line argument. As with the password, this exposes the time-sensitive code in process listings and shell history, increasing the risk of unauthorized access if it is captured before it expires. The `SKILL.md` explicitly instructs the LLM to use this method. Fix: change `verify-2fa` to read the code from an environment variable (e.g. `PICNIC_2FA_CODE`) or to prompt for it. | LLM | picnic-cli.mjs:95 |
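The HIGH finding and the 2FA MEDIUM finding share one fix. The following is an added example, not code from the picnic skill or from SkillShield: it shows how a CLI like `picnic-cli.mjs` can take the `login` and `verify-2fa` inputs from the environment variables the report suggests (`PICNIC_EMAIL`, `PICNIC_PASSWORD`, `PICNIC_2FA_CODE`), refuse any secret that arrives in argv, and redact argv before echoing it. The flag names, the six-digit code format and the email shape check are assumptions; the real option names are not shown in the report.

```javascript
// Added example, not the picnic skill's code: `login` and `verify-2fa` take
// their inputs from environment variables instead of argv, which keeps them
// out of `ps` output and shell history. Env var names follow the report's
// suggestion; flag names and input formats are assumptions.

// Flags that would carry a secret on the command line (assumed names).
// Matched as `--flag value` and `--flag=value`.
const SECRET_FLAGS = ['--password', '--code', '--2fa-code'];

// Per command: the env var that carries each input, and a format check.
const COMMAND_INPUTS = {
  'login': {
    PICNIC_EMAIL: /^[^\s@]+@[^\s@]+\.[^\s@]+$/, // loose shape check only
    PICNIC_PASSWORD: /^.+$/,                    // non-empty, no other policy here
  },
  'verify-2fa': {
    PICNIC_2FA_CODE: /^\d{6}$/,                 // assumed six-digit TOTP-style code
  },
};

// Returns the secret-carrying flags present in argv (deduplicated), or [].
function findSecretsInArgv(argv) {
  const hits = new Set();
  for (const tok of argv) {
    for (const flag of SECRET_FLAGS) {
      if (tok === flag || tok.startsWith(flag + '=')) hits.add(flag);
    }
  }
  return [...hits];
}

// Replaces secret values in argv with a placeholder so the array can be
// echoed in an error message or log line without leaking anything.
function redactArgv(argv) {
  const out = [];
  let redactNext = false;
  for (const tok of argv) {
    if (redactNext) { out.push('[REDACTED]'); redactNext = false; continue; }
    const flag = SECRET_FLAGS.find((f) => tok === f || tok.startsWith(f + '='));
    if (flag === undefined) out.push(tok);
    else if (tok === flag) { out.push(tok); redactNext = true; }
    else out.push(flag + '=[REDACTED]');
  }
  return out;
}

// argv is the part after the script name (process.argv.slice(2)): argv[0] is
// the command. env is process.env or a test object. Returns
// { ok: true, command, values } or { ok: false, error }; the error text names
// variables and flags but never includes a value.
function loadCommandInputs(argv, env) {
  const [command, ...rest] = argv;
  const spec = COMMAND_INPUTS[command];
  if (spec === undefined) return { ok: false, error: `unknown command: ${command}` };
  const wanted = Object.keys(spec).join(', ');

  const exposed = findSecretsInArgv(rest);
  if (exposed.length > 0) {
    return { ok: false, error: `refusing ${exposed.join(', ')} on the command line; set ${wanted} in the environment instead` };
  }
  // Positional values are just as visible in `ps`; these commands take none.
  const positional = rest.filter((tok) => !tok.startsWith('-'));
  if (positional.length > 0) {
    return { ok: false, error: `refusing ${positional.length} positional argument(s) to ${command}; set ${wanted} in the environment instead` };
  }

  const values = {};
  const missing = [];
  const invalid = [];
  for (const [name, pattern] of Object.entries(spec)) {
    const value = env[name];
    if (value === undefined || value === '') missing.push(name);
    else if (!pattern.test(value)) invalid.push(name);
    else values[name] = value;
  }
  if (missing.length > 0 || invalid.length > 0) {
    return { ok: false, error: `missing: [${missing.join(', ')}] invalid: [${invalid.join(', ')}]` };
  }
  return { ok: true, command, values };
}

// Constructed invocations. The first is the shape SKILL.md tells the model to
// run; the second is the replacement. Neither value is a real credential.
const insecure = loadCommandInputs(['login', 'alice@example.com', 'hunter2'], {});
const secure = loadCommandInputs(['login'],
  { PICNIC_EMAIL: 'alice@example.com', PICNIC_PASSWORD: 'hunter2' });
console.log(insecure.error);
console.log(secure.ok, redactArgv(['verify-2fa', '--code', '123456']));
```

Refusing, rather than silently accepting, a password on argv matters here: the value has already been exposed by the time the process starts, and a hard error is what teaches the calling LLM (and the `SKILL.md` author) to stop doing it. An environment variable is only a partial fix, since the harness that launches the CLI may log its environment and same-user processes can read it; a credentials file with mode 0600 or an OS keychain would be the next step.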
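For the Dependencies finding, the check below is an added example, not code from the picnic skill or from SkillShield: it walks a `package.json` and reports every specifier that is not an exact version, which is the condition behind "Unpinned npm dependency version". The sample manifest is constructed for the example; only the `picnic-api: ^3.2.0` entry comes from the report. The classification rules (local `file:` paths pass, git and URL dependencies need a full commit hash, `npm:` aliases are checked on their version part) are this example's own policy.

```javascript
// Added example, not the picnic skill's or SkillShield's code: flags
// package.json dependency specifiers that can resolve to a different
// artifact on a later install.

const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const FULL_COMMIT = /#[0-9a-f]{40}$/;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Returns null when the specifier can only ever resolve to one artifact,
// otherwise a short reason why a fresh install might fetch something else.
function pinIssue(spec) {
  if (EXACT_VERSION.test(spec)) return null;
  if (spec.startsWith('npm:')) {
    // Alias form npm:<name>@<version>: judge the version part only.
    const at = spec.lastIndexOf('@');
    return pinIssue(at > 4 ? spec.slice(at + 1) : '');
  }
  if (/^(file:|link:|workspace:)/.test(spec)) return null; // local, not fetched from a registry
  if (/^(https?:|git(\+\w+)?:|github:|gitlab:|bitbucket:|ssh:)/.test(spec)
      || /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)) {
    return FULL_COMMIT.test(spec) ? null : 'git/URL dependency not pinned to a full commit hash';
  }
  if (spec === '' || spec === '*' || spec === 'latest') return 'matches any published version';
  return 'range specifier can resolve to a newer release';
}

// Scans every dependency section of a parsed package.json object.
function findUnpinnedDependencies(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const issue = pinIssue(String(spec).trim());
      if (issue !== null) findings.push({ section, name, spec, issue });
    }
  }
  return findings;
}

// Constructed manifest: the picnic-api entry is from the report, the rest are
// made up to exercise each branch of pinIssue.
const SAMPLE_PACKAGE_JSON = {
  name: 'picnic-skill-sample',
  dependencies: {
    'picnic-api': '^3.2.0',
    'yargs': '17.7.2',
    'left-pad': '*',
    'some-tool': 'github:example/some-tool#main',
    'local-helper': 'file:../local-helper',
  },
  devDependencies: { 'vitest': '~1.6.0' },
};

for (const f of findUnpinnedDependencies(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.section}/${f.name} "${f.spec}": ${f.issue}`);
}
```

To produce exact specifiers in the first place, run `npm install --save-exact` or set `save-exact=true` in `.npmrc`. An exact version in `package.json` still says nothing about transitive packages; the committed `package-lock.json` (installed with `npm ci`) is what fixes those, together with the integrity hashes that detect a republished tarball.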
Full report: https://skillshield.io/report/52223425377a7975