Trust Assessment
pollinations received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 5 high, 0 medium, and 0 low severity. Key findings include Command Injection via unquoted environment variable in curl command, Command Injection via unquoted script arguments in URL construction, Command Injection via unquoted script arguments in jq JSON string.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via unquoted environment variable in curl command: The `POLLINATIONS_API_KEY` environment variable is used directly in the `curl` command's headers without proper quoting in `scripts/chat.sh`. If this environment variable contains shell metacharacters (e.g., `$(command)` or backticks), it could lead to arbitrary command execution. In `scripts/image.sh` and `scripts/tts.sh`, the variable is used within a double-quoted string, but if the API key itself contains a double quote, it could break out of the string and allow injection of additional `curl` arguments or shell commands. When constructing the `HEADERS` variable, use an array to safely pass arguments to `curl`. For example, `HEADERS_ARRAY=('-H' 'Content-Type: application/json'); if [[ -n "$POLLINATIONS_API_KEY" ]]; then HEADERS_ARRAY+=('-H' "Authorization: Bearer $POLLINATIONS_API_KEY"); fi; curl -s "${HEADERS_ARRAY[@]}" ...`. For `scripts/image.sh` and `scripts/tts.sh`, ensure the `POLLINATIONS_API_KEY` is properly escaped or passed as a separate argument to `curl` if it can contain problematic characters. | LLM | scripts/chat.sh:32 |
| HIGH | Command Injection via unquoted environment variable in curl command: The `POLLINATIONS_API_KEY` environment variable is used directly within a double-quoted string for the `Authorization` header. If the API key itself contains a double quote, it could break out of the string and allow injection of additional `curl` arguments or shell commands. Ensure the `POLLINATIONS_API_KEY` is properly escaped or passed as a separate argument to `curl` if it can contain problematic characters. A safer approach is to use an array for `curl` arguments: `curl -s -H "Authorization: Bearer ${POLLINATIONS_API_KEY}" ...` or `curl -s -H "Authorization: Bearer $(printf '%s' "$POLLINATIONS_API_KEY" | sed -e 's/"/\\"/g')" ...` | LLM | scripts/image.sh:120 |
| HIGH | Command Injection via unquoted environment variable in curl command: The `POLLINATIONS_API_KEY` environment variable is used directly within a double-quoted string for the `Authorization` header. If the API key itself contains a double quote, it could break out of the string and allow injection of additional `curl` arguments or shell commands. Ensure the `POLLINATIONS_API_KEY` is properly escaped or passed as a separate argument to `curl` if it can contain problematic characters. A safer approach is to use an array for `curl` arguments: `curl -s -H "Authorization: Bearer ${POLLINATIONS_API_KEY}" ...` or `curl -s -H "Authorization: Bearer $(printf '%s' "$POLLINATIONS_API_KEY" | sed -e 's/"/\\"/g')" ...` | LLM | scripts/tts.sh:60 |
| HIGH | Command Injection via unquoted script arguments in URL construction: Several variables (`MODEL`, `WIDTH`, `HEIGHT`, `SEED`, `DURATION`, `NOLOGO`, `PRIVATE`, `SAFE`, `ENHANCE`, `QUALITY`, `TRANSPARENT`, `AUDIO`, `ASPECT_RATIO`) are taken directly from command-line arguments and then interpolated into the `PARAMS` string without proper URL encoding or shell quoting. If an attacker can control these arguments (e.g., by providing `--model "flux$(id)"`), it could lead to arbitrary command execution when the `URL` is constructed and subsequently passed to `curl`. All dynamic values interpolated into the URL query string should be passed through the `urlencode` function to prevent both URL encoding issues and shell injection. For example, `PARAMS="model=$(urlencode "$MODEL")&width=$(urlencode "$WIDTH")"`. | LLM | scripts/image.sh:88 |
| HIGH | Command Injection via unquoted script arguments in jq JSON string: The `VOICE` and `FORMAT` variables are directly interpolated into a JSON string that is then passed to `jq`. If an attacker can control these arguments (e.g., by providing `--voice "nova", "evil": "$(id)"`), it could lead to `jq` command injection or malformed JSON, potentially causing unexpected behavior or command execution if `jq`'s parsing is bypassed. Pass all dynamic values to `jq` using the `--arg` or `--argjson` options, which handle proper JSON escaping. For example, `jq -n -c --arg voice "$VOICE" --arg format "$FORMAT" '{audio: {voice: $voice, format: $format}}'`. | LLM | scripts/tts.sh:44 |
Full report: https://skillshield.io/report/41d9832b8e459721