Trust Assessment
serpapi-mcp received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are an unpinned global dependency (`mcporter`) and the SerpAPI key being exposed in process arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned global dependency `mcporter`.** The skill's documentation (`SKILL.md`) instructs users to install `mcporter` globally with `npm install -g mcporter`. Without a version, npm resolves this to whatever is tagged `latest` at install time, so if a future release of `mcporter` is compromised or ships malicious code, every new install of the skill pulls and runs it (a supply-chain attack). Pin `mcporter` to a specific, known-good version (e.g., `npm install -g mcporter@1.2.3`). Better still, install dependencies locally to the skill and manage them through a lockfile rather than globally; if a global install is unavoidable, strict version pinning is essential. | LLM | SKILL.md:35 |
| MEDIUM | **SerpAPI key exposed in process arguments.** `scripts/serp.sh` passes the `SERPAPI_API_KEY` (held in `$used_key`) as a command-line argument to `scripts/fetch_ai_overview.mjs`. Command-line arguments are visible in system process lists (e.g., via `ps aux`), so other users or processes on the same host can read the key for as long as the child runs. Pass credentials to child processes through environment variables instead of command-line arguments: change `serp.sh` to `SERPAPI_API_KEY="$used_key" node "$(dirname "$0")"/fetch_ai_overview.mjs "$tmpfile"` and have `fetch_ai_overview.mjs` read `process.env.SERPAPI_API_KEY`. | LLM | scripts/serp.sh:100 |
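The following shell script is an added example, not code from serpapi-mcp or from SkillShield. It makes both findings concrete: `pinned_global_install` is a small lint that flags an `npm install -g` line with no version suffix, and `secret_visible_via_argv` / `secret_visible_via_env` spawn a child the two ways serp.sh could and check whether another process can read the key from the child's command line (via `/proc/<pid>/cmdline` on Linux, `ps` elsewhere). The package names, versions and the key value are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not part of serpapi-mcp). Demonstrates the two report findings:
# an unpinned global npm install, and a secret leaking through argv.

# pinned_global_install LINE
# Exit 0 if LINE is an `npm install -g <pkg>@<version>` with an explicit
# numeric version for every package; exit 1 if any package is unpinned
# (resolves to the `latest` tag) or the line is not a global install.
pinned_global_install() {
    line=$1
    printf '%s\n' "$line" | grep -Eq 'npm (install|i) (-g|--global) ' || return 1
    # Everything after the global flag is the package list (plus any flags).
    pkgs=$(printf '%s\n' "$line" | sed -E 's/.*npm (install|i) (-g|--global) //')
    for p in $pkgs; do
        case $p in -*) continue ;; esac      # skip flags such as --silent
        case $p in @*/*) p=${p#@*/} ;; esac  # drop an npm scope prefix (@scope/)
        case $p in
            *@[0-9]*) ;;                     # has a numeric version suffix
            *) return 1 ;;                   # bare name or tag: unpinned
        esac
    done
    return 0
}

# cmdline_of PID: print another process's command line the way `ps` sees it.
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# check_child_cmdline PID SECRET: exit 0 if SECRET appears in PID's command
# line, 1 otherwise. The child is killed and reaped before returning.
check_child_cmdline() {
    visible=1
    cmdline_of "$1" | grep -Fq -- "$2" && visible=0
    kill "$1" 2>/dev/null
    wait "$1" 2>/dev/null
    return $visible
}

# secret_visible_via_argv SECRET: the pattern flagged in serp.sh. SECRET is
# handed to the child as a positional argument, so it lands in its argv.
secret_visible_via_argv() {
    # `:` after sleep keeps the shell from exec'ing sleep and dropping argv.
    sh -c 'sleep 3; :' sh "$1" &
    sleep 1                              # let the child start
    check_child_cmdline "$!" "$1"
}

# secret_visible_via_env SECRET: the recommended fix. SECRET travels in the
# child's environment and never appears on its command line.
secret_visible_via_env() {
    SERPAPI_API_KEY="$1" sh -c 'sleep 3; :' &
    sleep 1
    check_child_cmdline "$!" "$1"
}

if [ "${0##*/}" = "argv_leak_demo.sh" ]; then
    pinned_global_install 'npm install -g mcporter' \
        && echo "pinned" || echo "UNPINNED: npm install -g mcporter"
    secret_visible_via_argv 'sk_example_0000' \
        && echo "argv: key visible in process list" || echo "argv: hidden"
    secret_visible_via_env 'sk_example_0000' \
        && echo "env: key visible in process list" || echo "env: hidden"
fi
```

The environment is only a partial fix: `/proc/<pid>/environ` is readable by processes running as the same user, so the change keeps the key away from other users and from anyone scraping `ps`, but not from same-uid code. Where that matters, pass the key on stdin or through a file with mode 0600 and read it inside `fetch_ai_overview.mjs`.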
Full report: https://skillshield.io/report/5d9eb441f14a3af0