Security Audit

pulse

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

pulse received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 5 findings: 1 critical, 4 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Command Injection via unsanitized endpoint in CLI wrapper, Hardcoded API Token in CLI wrapper.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

70%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Network Access

3 findings

Filesystem Write

1 finding

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings5

Severity	Finding	Layer	Location
CRITICAL	Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/cyberkov/pulse/scripts/pulse-cli.sh:175
HIGH	Command Injection via unsanitized endpoint in CLI wrapper The suggested `~/.local/bin/pulse` helper script, which the skill explicitly instructs the user to create and use, directly interpolates user-provided input (`$1` as `endpoint`) into a `curl` command's URL without proper sanitization. An attacker could inject shell metacharacters (e.g., `;`, `\|`, `&`, `` ` ``) into the `endpoint` argument, leading to arbitrary command execution on the system running the script. Additionally, `$@` is passed directly to `curl`, which could allow injection of `curl` arguments that lead to unintended actions (e.g., file upload/download). Implement robust input sanitization for the `endpoint` variable and other arguments before incorporating them into shell commands. For URL paths, ensure proper URL encoding. For `curl` arguments, use an array and quote elements properly, or explicitly whitelist allowed arguments. Consider using `printf %q` for shell escaping if direct interpolation is unavoidable, though safer alternatives like `exec` with explicit arguments are preferred.	LLM	SKILL.md:134
HIGH	Hardcoded API Token in CLI wrapper The suggested `~/.local/bin/pulse` helper script, which the skill explicitly instructs the user to create and use, contains a hardcoded `PULSE_TOKEN`. If this token is sensitive or used in a production environment, its exposure in the script constitutes a credential harvesting/exposure risk. Even if it's a demo token, hardcoding credentials sets a poor security precedent and can lead to accidental exposure. Remove hardcoded credentials. Use secure methods for credential management, such as environment variables (which is already partially supported as a fallback), a dedicated secrets management system, or prompting the user for the token at runtime. Ensure that tokens are not committed to version control.	LLM	SKILL.md:132
HIGH	Command Injection via unsanitized endpoint in `scripts/pulse-cli.sh` The `api_call` function in `scripts/pulse-cli.sh` directly interpolates the `endpoint` variable (derived from user input via command-line arguments) into the `curl` command's URL without proper sanitization. This allows an attacker to inject shell metacharacters (e.g., `;`, `\|`, `&`, `` ` ``) into the `endpoint` argument, leading to arbitrary command execution on the system running the script. For example, executing `pulse-cli.sh resource '123; evil_command'` would execute `evil_command`. Implement robust input sanitization for the `endpoint` variable before incorporating it into shell commands. For URL paths, ensure proper URL encoding. Consider using `printf %q` for shell escaping if direct interpolation is unavoidable, though safer alternatives like `exec` with explicit arguments are preferred.	LLM	scripts/pulse-cli.sh:26
HIGH	Hardcoded API Token in `scripts/pulse-cli.sh` The `scripts/pulse-cli.sh` helper script contains a hardcoded `PULSE_TOKEN`. If this token is sensitive or used in a production environment, its exposure in the script constitutes a credential harvesting/exposure risk. Even if it's a demo token, hardcoding credentials sets a poor security precedent and can lead to accidental exposure. Remove hardcoded credentials. Use secure methods for credential management, such as environment variables (which is already partially supported as a fallback), a dedicated secrets management system, or prompting the user for the token at runtime. Ensure that tokens are not committed to version control.	LLM	scripts/pulse-cli.sh:7

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/9817ed35288e9c2a.svg)](https://skillshield.io/report/9817ed35288e9c2a)