Security Audit

second-brain

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

second-brain received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via Shell Script Arguments.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via Shell Script Arguments The skill explicitly instructs the LLM to execute a shell script (`{baseDir}/scripts/ensue-api.sh`) and pass arguments as single-quoted JSON strings. These JSON strings are expected to contain user-controlled data (e.g., 'query' in 'discover_memories', 'value' in 'create_memory'/'update_memory'). If the LLM constructs these JSON strings using untrusted user input without proper escaping, or if the 'ensue-api.sh' script does not robustly sanitize or escape these JSON values before using them in further shell commands, it creates a direct vector for command injection. An attacker could craft malicious input within the JSON fields (e.g., `{"query": "; rm -rf /; #"}`) to execute arbitrary commands on the host system. Ensure that all user-provided data inserted into the JSON arguments is rigorously escaped for both JSON and shell contexts before being passed to the 'ensue-api.sh' script. The 'ensue-api.sh' script itself must also be hardened to prevent shell injection by properly quoting and sanitizing any extracted JSON values before using them in sub-commands. Consider using a more secure inter-process communication mechanism (e.g., stdin, temporary files, or a language-specific API wrapper) instead of passing complex, user-controlled data directly as shell arguments.	LLM	SKILL.md:178

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/989ecc91565fca74.svg)](https://skillshield.io/report/989ecc91565fca74)