Trust Assessment
plaid received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are "Skill documents command that exposes access tokens" and "Untrusted input used in shell commands without explicit sanitization".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill documents command that exposes access tokens. The skill explicitly warns against using the `plaid-cli tokens` command because it prints sensitive access tokens. If the AI agent is prompted to execute this command, it will expose credentials, leading to data exfiltration and potential unauthorized access to financial data. This is a direct and high-risk credential exposure vector. The AI agent must be strictly instructed never to execute `plaid-cli tokens` or any command that could expose credentials, even if requested by the user. Implement strict input validation and sanitization for any user-provided arguments that could lead to such commands. | LLM | SKILL.md:49 |
| MEDIUM | Untrusted input used in shell commands without explicit sanitization. The skill examples demonstrate `item-id-or-alias` being directly interpolated into shell commands (e.g., `plaid-cli accounts <item-id-or-alias>`). If `item-id-or-alias` is derived from untrusted user input and the `plaid-cli` tool does not sufficiently sanitize its arguments, a malicious user could potentially inject arbitrary shell commands (e.g., `my_alias; rm -rf /`). This is a common command injection pattern for CLI wrappers. The AI agent must implement robust input validation and sanitization for all user-provided arguments that are passed to `plaid-cli` commands, especially those used as identifiers or aliases. Ensure that arguments are properly quoted or escaped to prevent shell metacharacter interpretation. | LLM | SKILL.md:27 |