Security Audit

readeck

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

readeck received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via unsanitized user input in `curl` arguments and JSON payloads.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via unsanitized user input in `curl` arguments and JSON payloads The skill documentation provides `curl` command examples that demonstrate interaction with the Readeck API. These examples involve interpolating variables (e.g., `$ID`) into URL paths and embedding user-controlled data (e.g., URLs, search terms, tags) within JSON payloads. If an AI agent implements this skill by directly substituting user-provided input into these `curl` command templates without proper sanitization or escaping, it could lead to command injection. Malicious user input containing shell metacharacters could break out of URL paths or JSON strings, allowing arbitrary commands to be executed on the host system. For example, injecting `"}' ; evil_command #` into a URL field within the JSON payload or `123; evil_command` into the `$ID` path parameter could lead to arbitrary code execution. When generating code for this skill, ensure all user-provided inputs (e.g., URLs, IDs, search terms, collection names, tags) are properly sanitized and escaped before being incorporated into shell commands or JSON payloads. For shell commands, use safe execution methods that prevent shell metacharacter interpretation (e.g., `subprocess.run` with `shell=False` and passing arguments as a list, or robust escaping functions). For JSON payloads, ensure user input is correctly JSON-encoded using a library like `json.dumps()`.	LLM	SKILL.md:22

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/2dde1c10b62971da.svg)](https://skillshield.io/report/2dde1c10b62971da)