Trust Assessment
pinch-to-post received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 3 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via Unquoted Variable in For Loop, Command Injection via Unescaped User Input in JSON Payload, Command Injection via Unescaped User Input in URL Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via Unquoted Variable in For Loop.** The script uses a `for` loop to iterate over IDs extracted from an API response using `jq -r`. The `id` variable is then directly interpolated into a `curl` command's URL path without proper quoting or validation. If a malicious API response provides an `id` containing shell metacharacters (e.g., `123; evil_command`), the `evil_command` will be executed by the shell. Ensure that variables used in `for` loops are properly quoted or that the source of the variable is strictly validated to prevent shell metacharacters. A safer approach for processing lists from command output is `while IFS= read -r var; do ... done < <(command)` or to explicitly validate and sanitize the `id` before use. | LLM | wp-rest.sh:200 |
| CRITICAL | **Command Injection via Unescaped User Input in JSON Payload.** User-supplied arguments (e.g., `$2`, `$3`, `$4` for `TITLE`, `CONTENT`, `STATUS`) are directly interpolated into JSON payloads within `curl -d` commands. If these arguments contain shell metacharacters (e.g., `$(evil_command)`) or characters that break the JSON structure (e.g., unescaped double quotes), they can lead to arbitrary command execution or malformed API requests. The shell expands these variables before `curl` processes the argument. All user-supplied input intended for JSON payloads must be properly JSON-escaped before interpolation. A robust method involves using `jq -n --arg key "$USER_INPUT" '{"key": $key}'` or a dedicated JSON escaping utility to construct the JSON string safely. | LLM | wp-rest.sh:208 |
| CRITICAL | **Command Injection via Unescaped User Input in URL Path.** User-supplied arguments (e.g., `POST_ID`, `MEDIA_ID`, `comment_id`, `product_id`) are directly interpolated into URL paths within `curl` commands. If these arguments contain shell metacharacters (e.g., `123/$(evil_command)`), they can lead to arbitrary command execution. The shell performs expansion before `curl` receives the URL. All user-supplied input intended for URL paths must be properly URL-encoded and validated to prevent shell metacharacters. Ensure that IDs are strictly numeric or alphanumeric and do not contain characters that could be interpreted by the shell. | LLM | wp-rest.sh:100 |
Full report: https://skillshield.io/report/b8812936dcbb196e