Security Audit

second-brain

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

second-brain received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via JSON Argument Interpolation, Command Injection via Method Name Interpolation.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

2 findings

Shell Execution

2 findings

Dynamic Code

2 findings

Security Findings2

Severity	Finding	Layer	Location
HIGH	Command Injection via JSON Argument Interpolation The `ensue-api.sh` script directly interpolates the `$ARGS` variable into the `curl` command's JSON payload without proper escaping or validation. This allows for JSON injection, where a malicious user could craft the `$ARGS` input to alter the JSON structure sent to the Ensue API. This could lead to unauthorized API calls, data manipulation, or exfiltration if the API endpoint is vulnerable to such modifications. Sanitize or validate the `$ARGS` variable to ensure it is valid and safe JSON before interpolation. Consider using a JSON parsing utility like `jq` to construct the JSON payload safely, or strictly validate the input against a schema. For example, `ARGS=$(echo "$ARGS" \| jq -c .)` to ensure it's compact JSON, or pass arguments as separate variables to `jq` to build the JSON.	LLM	scripts/ensue-api.sh:32
MEDIUM	Command Injection via Method Name Interpolation The `ensue-api.sh` script directly interpolates the `$METHOD` variable into the `curl` command's JSON payload. While enclosed in double quotes, if `$METHOD` contains a double quote itself, it could break out of the string and inject arbitrary JSON into the `name` field's context. This could lead to unexpected API behavior or parameter injection. Validate the `$METHOD` variable against a whitelist of allowed methods. Alternatively, ensure proper JSON escaping of the `$METHOD` string before interpolation, or use a JSON parsing utility like `jq` to construct the JSON payload safely.	LLM	scripts/ensue-api.sh:32

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/20349ed4a21e35ce.svg)](https://skillshield.io/report/20349ed4a21e35ce)