Security Audit

ui-ux-pro-max

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

ui-ux-pro-max received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 6 findings: 1 critical, 0 high, 5 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Arbitrary File Write via User-Controlled Output Directory.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 65/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

65%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

6 findings

Dynamic Code

5 findings

Security Findings6

Severity	Finding	Layer	Location
CRITICAL	Arbitrary File Write via User-Controlled Output Directory The skill's `scripts/search.py` script, which wraps the design system generation functionality, exposes an `--output-dir` argument (`-o`) that allows users to specify an arbitrary directory for persisting generated design system files (MASTER.md and page-specific overrides). This argument is directly used to construct file paths without sufficient sanitization or restriction to a sandboxed directory. An attacker could leverage path traversal sequences (e.g., `../`) within the `output-dir` or `project-name` arguments to write files to arbitrary locations on the host system. This could lead to overwriting critical system files, placing malicious scripts in executable paths, or consuming disk space, posing a severe security risk. 1. Restrict `output_dir`: Ensure the `output_dir` is strictly confined to a designated, sandboxed directory within the skill's own data space or a temporary directory. Do not allow arbitrary paths. Implement checks to ensure the resolved path remains within an allowed base directory. 2. Path Sanitization: Implement robust path sanitization to prevent path traversal attacks. For example, use `pathlib.Path.resolve(strict=True)` and verify the resulting path is a child of an allowed base directory. 3. Principle of Least Privilege: The skill should only be allowed to write to directories absolutely necessary for its operation, ideally within its own isolated skill directory.	LLM	scripts/search.py:69
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/xobi667/ui-ux-pro-max/scripts/core.py:4
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/xobi667/ui-ux-pro-max/scripts/design_system.py:11
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/xobi667/ui-ux-pro-max/scripts/design_system.py:824
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/xobi667/ui-ux-pro-max/scripts/design_system.py:920
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/xobi667/ui-ux-pro-max/scripts/search.py:12

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d1015572ae1fe251.svg)](https://skillshield.io/report/d1015572ae1fe251)