Trust Assessment
readeck received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are unsanitized user input leading to command injection (critical) and potential data exfiltration through that same injection (high).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unsanitized user input leads to command injection. `scripts/save.sh` takes a user-provided URL as its first argument (`$1`) and splices it into the `curl` request body inside a double-quoted string (`-d "{\"url\": \"$URL\"}"`). Two distinct hazards follow. First, the URL is string-concatenated into JSON: a value containing `"` or `\` breaks out of the JSON string and can add or alter fields in the request. Second, and the reason for the CRITICAL rating: a skill's scripts are normally run by a caller (for an AI skill, an agent) that assembles the command line as text, and any `$(command)` or backtick sequence in that text is expanded by the invoking shell before `save.sh` runs, giving arbitrary code execution on the host. Note that the quoted line by itself does not re-execute such constructs: Bash does not rescan the expanded value of `$URL` for command substitution, so the expansion happens wherever the URL is interpolated unquoted into a command string (by the caller, or through `eval`), not inside the `-d` argument. Remediation: validate the argument against the characters a URL may contain before using it anywhere (RFC 3986 permits neither `"`, `\`, whitespace nor control characters); build the JSON body with a real generator rather than string interpolation (for example `jq -n --arg url "$1" '{url: $url}'`); and make sure callers pass the URL as a separate argv element (quoting it with `printf %q` if a command string is unavoidable) rather than concatenating it into a shell command. | LLM | scripts/save.sh:29 |
| HIGH | Potential data exfiltration via command injection. Once the command injection above yields shell execution, the attacker can read local files (for example `/etc/passwd`) and environment variables (notably `READECK_API_TOKEN`) and send their contents to an attacker-controlled host, for instance by embedding command output in the URL that `save.sh` then submits, or in any other outbound request the injected command makes. Remediation: fix the injection above, which removes the enabling defect; run the script with the minimum privileges it needs; and keep the API token out of the general process environment where possible (pass it only to the `curl` invocation, or read it from a file with restrictive permissions) so that an injected command has less to harvest. | LLM | scripts/save.sh:29 |
Embed Code
[SkillShield report for readeck](https://skillshield.io/report/498e694b05f7b8db)
Powered by SkillShield