Trust Assessment
pinme received a trust score of 74/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include unpinned npm package installation and potential command injection via an unsanitized domain parameter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned npm package installation. The skill instructs the AI to install the 'pinme' npm package globally using `npm install -g pinme`. This command installs the latest available version of the package. If a malicious update to the 'pinme' package is published to npm, the AI would install it, leading to a supply chain attack. Best practice is to pin dependencies to a specific version (e.g., `pinme@1.2.3`) or at least a major version (e.g., `pinme@^1.0.0`) to prevent unexpected or malicious changes. Pin the 'pinme' package to a specific version or a major version range. For example, use `npm install -g pinme@1.x.x` or `npm install -g pinme@latest` after verifying the latest version is safe. Consider using a package lock file if possible, though this is less common for global installs. | LLM | SKILL.md:20 |
| HIGH | Potential command injection via unsanitized domain parameter. The skill's 'Machine-Readable Config' includes a template for uploading with a custom domain: `"upload_with_domain": "pinme upload {{directory}} --domain {{domain}}"`. If the `{{domain}}` parameter is populated directly from untrusted user input without proper sanitization, it could lead to command injection. An attacker could provide a domain like `my-site; rm -rf /` to execute arbitrary commands on the host system. Implement strict sanitization and validation for the `{{domain}}` parameter before it is used in a shell command. Ensure it only contains valid domain characters and does not allow shell metacharacters. Consider using an allow-list approach for domain names or quoting the parameter if the underlying command supports it. | LLM | SKILL.md:120 |