Security Audit

safe-file-reader

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

safe-file-reader received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include Path Traversal in read_file function, Path Traversal in read_config function.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

40%

Behavioral Risk Signals

Filesystem Write

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Path Traversal in read_file function The `read_file` function uses `os.path.join` with a user-controlled `filename` parameter, allowing path traversal. An attacker can supply `../../../etc/passwd` to read arbitrary files outside the intended `/home/user/documents` directory. Implement robust path validation to ensure the resolved path remains strictly within the intended `base_dir`. Use `os.path.abspath` and `os.path.commonprefix` or `pathlib.Path.resolve()` with `Path.is_relative_to()` to confine file access.	LLM	read.py:19
CRITICAL	Path Traversal in read_config function The `read_config` function directly concatenates a user-controlled `config_name` into a file path, leading to a path traversal vulnerability. An attacker can supply `../../../../etc/passwd` to read arbitrary files outside the intended `/etc/app` directory. Implement robust path validation to ensure the resolved path remains strictly within the intended `/etc/app` directory. Avoid direct string concatenation for paths with user input. Consider using a whitelist of allowed configuration files or strictly validating the `config_name` to prevent directory traversal.	LLM	read.py:27

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/499bac4863fc5327.svg)](https://skillshield.io/report/499bac4863fc5327)