Security Audit

safe-multisig-skill

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

safe-multisig-skill received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Arbitrary file read via --tx-file option.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

93%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Arbitrary file read via --tx-file option The `propose-tx.ts` script allows reading arbitrary files from the filesystem. The `--tx-file` command-line option specifies a path that is resolved using `path.resolve(process.cwd(), opts.txFile)`. This function does not sanitize or restrict paths containing directory traversal sequences (`../`) or absolute paths. An attacker could provide a path like `/etc/passwd` or `../../../../.ssh/id_rsa` to read sensitive files from the system. The content of these files would be read into memory via `fs.readFileSync`, leading to potential data exfiltration. Implement strict path validation for the `--tx-file` option. Ensure the provided path is relative to a specific, allowed subdirectory (e.g., `references/`) and does not contain path traversal sequences (`../`) or absolute paths. A common approach is to construct the path using `path.join(baseDir, relativePath)` and then verify that the resolved path starts with the `baseDir` to prevent directory escape.	LLM	scripts/propose-tx.ts:49
MEDIUM	Unpinned npm dependency version Dependency '@safe-global/api-kit' is not pinned to an exact version ('^4.0.1'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/openclaw-consensus-bot/safe-multisig-skill/package.json

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/6bea8e3ac6991855.svg)](https://skillshield.io/report/6bea8e3ac6991855)