Trust Assessment
pitch-deck-visuals received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 3 critical, 1 high, 1 medium, and 3 low severity. Key findings include Covert behavior / concealment directives, Arbitrary command execution, Remote code execution: curl/wget pipe to shell.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution. Remote code download piped to interpreter. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/okaris/pitch-deck-visuals/SKILL.md:9 |
| CRITICAL | Remote code execution: curl/wget pipe to shell. Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter. | Static | skills/okaris/pitch-deck-visuals/SKILL.md:9 |
| CRITICAL | Unverified Remote Script Execution (`curl \| sh`). The skill's quick start guide instructs users to download and execute a shell script directly from a remote URL (`https://cli.inference.sh`) using `curl \| sh`. This practice is a severe supply chain risk, as it executes arbitrary code from an external source without verification, making the user vulnerable to malicious changes in the remote script. This is a direct command injection vector. Avoid using `curl \| sh` for installation. Provide a verified, versioned installation method, or bundle necessary binaries/scripts within the skill package. If remote execution is unavoidable, implement cryptographic verification (e.g., checksums, signatures) of the downloaded script before execution. | LLM | SKILL.md:10 |
| HIGH | Excessive Bash Permissions for 'infsh' commands. The skill declares `Bash(infsh *)` in its manifest, granting it the ability to execute any command starting with `infsh`. While the examples in the skill use specific `infsh` applications with hardcoded inputs, this broad permission allows the skill to potentially execute arbitrary `infsh` commands, including those that could run arbitrary Python code via `infsh/python-executor` or interact with other system resources, if user input were to be incorporated into command arguments. This creates a significant attack surface. Restrict `Bash` permissions to the minimum necessary set of `infsh` commands or specific `infsh` applications required by the skill. For example, instead of `Bash(infsh *)`, specify `Bash(infsh app run infsh/html-to-image)` and `Bash(infsh app run infsh/python-executor)` if those are the only intended uses. | LLM | Manifest |
| MEDIUM | Unpinned Remote Skill Installation via npx. The skill suggests installing related skills using `npx skills add inferencesh/skills@competitor-teardown` (and similar). This command adds skills from a remote source without specifying a fixed version. Relying on unpinned versions (`@latest` implicitly) introduces a supply chain risk, as a malicious update to the remote skill package could be automatically installed and executed without the user's explicit review. Always pin versions when installing remote packages or skills (e.g., `npx skills add inferencesh/skills@1.2.3`). Alternatively, provide instructions for auditing the skill content before installation or use a trusted, curated skill registry. | LLM | SKILL.md:270 |
| LOW | Covert behavior / concealment directives. CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/okaris/pitch-deck-visuals/SKILL.md:13 |
| LOW | Covert behavior / concealment directives. CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/okaris/pitch-deck-visuals/SKILL.md:82 |
| LOW | Covert behavior / concealment directives. CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/okaris/pitch-deck-visuals/SKILL.md:92 |