Trust Assessment
telegram-usage received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 1 medium, and 0 low severity. Key findings include arbitrary command execution and direct shell execution via execSync.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution (Node.js child_process require). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/c-drew/telegram-usage/handler.js:10 |
| CRITICAL | Arbitrary command execution (Node.js synchronous shell execution). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/c-drew/telegram-usage/handler.js:48 |
| MEDIUM | Direct shell execution via execSync. The skill uses `child_process.execSync` to execute the `clawdbot models status` command. While the command string is hardcoded and not directly influenced by user input in the provided snippet, `execSync` performs direct shell execution. This introduces a potential command injection vulnerability if the `clawdbot` binary itself is compromised, replaced with a malicious executable, or if the execution environment (e.g., the PATH variable) is manipulated to resolve `clawdbot` to an unintended program. This is a powerful primitive that should be used with caution. If possible, avoid `execSync` and use `child_process.spawn` with an array of arguments to prevent shell interpretation. Ensure the `clawdbot` binary is trusted, its path is secured, and its integrity is verified. If `execSync` is strictly necessary, consider additional environment hardening. | LLM | handler.js:50 |
Powered by SkillShield