Trust Assessment
skill-deps received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 14 findings: 3 critical, 0 high, 11 medium, and 0 low severity. Key findings include: sensitive environment variable access (`$HOME`), sensitive environment variable access (`$USER`), and command injection via an unsanitized skill name in a `curl` command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (14)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unsanitized skill name in curl command.** The `skill-install.sh` script constructs a `curl` command using the `$name` variable, which is derived directly from the user-provided `SKILL_SPEC` argument. Although `$name` is double-quoted in the `curl` command, if `SKILL_SPEC` contains a double quote followed by shell metacharacters (e.g., `skill-name="; rm -rf /; echo "`), it can break out of the quoted string and lead to arbitrary command execution on the host system. This allows an attacker to execute arbitrary shell commands by crafting a malicious skill name. Remediation: implement strict input validation for `SKILL_SPEC` and its derived variables (`$name`, `$skill`) to ensure they only contain allowed characters (e.g., alphanumeric, hyphens, underscores) and do not contain shell metacharacters or quotes. Alternatively, use a safer method for making HTTP requests that does not involve direct shell command construction, or escape the input using `printf %q` or similar before passing it to `curl`. | LLM | scripts/skill-install.sh:57 |
| CRITICAL | **Command Injection via unsanitized skill name in external CLI calls.** The `skill-install.sh` script directly passes the `$skill` variable, derived from the user-provided `SKILL_SPEC` argument, to external commands like `openclaw skill install` and `clawhub install`. Although `$skill` is double-quoted, if `SKILL_SPEC` contains a double quote followed by shell metacharacters (e.g., `skill-name="; rm -rf /; echo "`), it can break out of the quoted string and lead to arbitrary command execution on the host system. This allows an attacker to execute arbitrary shell commands by crafting a malicious skill name. Remediation: implement strict input validation for `SKILL_SPEC` and its derived variables (`$name`, `$skill`) to ensure they only contain allowed characters (e.g., alphanumeric, hyphens, underscores) and do not contain shell metacharacters or quotes. When invoking external commands, ensure arguments are properly escaped using `printf %q` or similar functions to prevent shell interpretation of user-controlled input. | LLM | scripts/skill-install.sh:106 |
| CRITICAL | **Command Injection via unsanitized query in external CLI calls.** The `skill-search.sh` script directly passes the `$QUERY` variable, which is the user-provided command-line argument, to external commands like `clawhub search` and `openclaw skill search`. Although `$QUERY` is double-quoted, if it contains a double quote followed by shell metacharacters (e.g., `query="; rm -rf /; echo "`), it can break out of the quoted string and lead to arbitrary command execution on the host system. This allows an attacker to execute arbitrary shell commands by crafting a malicious search query. Remediation: implement strict input validation for `QUERY` to ensure it only contains allowed characters (e.g., alphanumeric, hyphens, underscores) and does not contain shell metacharacters or quotes. When invoking external commands, ensure arguments are properly escaped using `printf %q` or similar functions to prevent shell interpretation of user-controlled input. | LLM | scripts/skill-search.sh:22 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/check-conflicts.sh:15 |
| MEDIUM | **Sensitive environment variable access: `$USER`.** Access to sensitive environment variable `$USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/check-conflicts.sh:25 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/check-deps.sh:15 |
| MEDIUM | **Sensitive environment variable access: `$USER`.** Access to sensitive environment variable `$USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/check-deps.sh:23 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/scan-skills.sh:16 |
| MEDIUM | **Sensitive environment variable access: `$USER`.** Access to sensitive environment variable `$USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/scan-skills.sh:118 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/skill-install.sh:29 |
| MEDIUM | **Sensitive environment variable access: `$USER`.** Access to sensitive environment variable `$USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/skill-install.sh:63 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/skill-search.sh:39 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/skill-tree.sh:22 |
| MEDIUM | **Sensitive environment variable access: `$USER`.** Access to sensitive environment variable `$USER` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/myrodar/skill-deps/scripts/skill-tree.sh:31 |
Full report: https://skillshield.io/report/b09d4d9fe110b3c5