Trust Assessment
tcm-video-factory received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Indirect Prompt Injection via Chained LLM Calls, Unpinned or Broad Dependency Versions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Indirect Prompt Injection via Chained LLM Calls.** The output of the first LLM call (`selectedTopic`) is directly incorporated into the user prompt for a subsequent LLM call without sanitization or strict parsing. An attacker could craft the initial `topicArg` to induce the first LLM to generate malicious instructions or data that, when fed into the second LLM, could manipulate its behavior, leading to unintended actions, data leakage, or denial of service. Implement robust input validation and sanitization for `selectedTopic` before it is used in the `productionPrompt`. Consider using a separate, hardened LLM call or a strict parsing mechanism to extract only the intended topic name from the first LLM's output, rather than directly embedding the raw output. Alternatively, ensure the system prompt for the first LLM strictly enforces output format and disallows any instructional content. | LLM | index.mjs:80 |
| MEDIUM | **Unpinned npm dependency version.** Dependency 'node-fetch' is not pinned to an exact version ('^3.3.2'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/xaotiensinh-abm/tcm-video-factory/package.json |
| LOW | **Unpinned or Broad Dependency Versions.** The `package.json` file uses caret (`^`) ranges for dependencies (`node-fetch`, `dotenv`). While `package-lock.json` pins exact versions, relying on broad ranges in `package.json` can lead to unexpected dependency updates if the `package-lock.json` is not strictly enforced or if a fresh installation occurs without it. This could introduce new vulnerabilities or breaking changes from newer versions of dependencies. Pin dependencies to exact versions (e.g., `node-fetch: "3.3.2"`) in `package.json` to ensure deterministic builds and prevent unexpected updates. Regularly audit dependencies for known vulnerabilities. | LLM | package.json:10 |