Trust Assessment
proof-of-share received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Local File Inclusion via user-controlled path in pos-verify.js, Partial exposure of input content in pos-share.js output.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Local File Inclusion via user-controlled path in pos-verify.js: The `pos-verify.js` script reads a file path directly from `process.argv[2]` without validation and uses it in `fs.readFileSync`. An attacker can specify an arbitrary file path (e.g., `/etc/passwd`, `/proc/self/environ`) to read sensitive system files, leading to data exfiltration. Implement strict validation for the `file` argument. Only allow files from a designated, non-sensitive directory, or use a whitelist of allowed file names. Avoid directly using user-supplied paths for file system operations. | LLM | pos-verify.js:9 |
| LOW | Partial exposure of input content in pos-share.js output: The `pos-share.js` script includes the first 50 characters of the `hashInput` (which contains the user-provided `content`) in its JSON output. If sensitive information is passed as `skill content`, a portion of it could be exposed in the generated share file. Advise users against passing sensitive information as the `skill content` argument. If sensitive data is expected, consider redacting or omitting the `input` field from the public share object, or encrypting it. | LLM | pos-share.js:11 |
Full report: https://skillshield.io/report/0cd7c1f6e5ae9805 (powered by SkillShield)