Trust Assessment
unfuck-my-git-state received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Both findings concern the same weakness: command injection via an unsanitized 'TARGET' argument in snapshot_git_state.sh, and the same injection reached through the unsanitized '--repo' argument in guided_repair_plan.sh, which passes the value on to snapshot_git_state.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via unsanitized 'TARGET' argument in snapshot_git_state.sh. The `scripts/snapshot_git_state.sh` script takes its first argument as `TARGET` and uses it directly in `git -C "$TARGET"` commands without sanitization. The report's example payload is `.; rm -rf /`. Note that in the double-quoted form shown, the shell hands the whole value, metacharacters included, to git as a single argument, so that payload is not executed by the shell; it can only run if the value also reaches an unquoted expansion, `eval`, or `sh -c` somewhere in the script. Validation is still warranted: an unchecked path lets any caller point the skill at an arbitrary directory, and the script is called by other parts of the skill, so the weakness propagates. Remediation: resolve `TARGET` to an absolute, canonical path (for example with `realpath`), verify that the result is an existing directory that is in fact a repository, and reject anything else (empty values, values beginning with `-`, paths outside the expected location) before passing it to `git -C`. | LLM | scripts/snapshot_git_state.sh:7 |
| HIGH | Command Injection via unsanitized '--repo' argument in guided_repair_plan.sh. The `scripts/guided_repair_plan.sh` script accepts a `--repo` argument that is passed directly to `scripts/snapshot_git_state.sh` and also used in `git -C "$repo"` commands inside the `resolve_snapshot_from_repo` function. Because `snapshot_git_state.sh` does not validate its `TARGET` argument, this script inherits the same weakness, and the same caveat about the double-quoted form applies. Remediation: canonicalize and validate `$repo` as above before passing it to `snapshot_git_state.sh` or `git -C`; validating at this entry point both fixes this script and stops the untrusted value from reaching `snapshot_git_state.sh`. | LLM | scripts/guided_repair_plan.sh:200 |
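The validation both findings recommend, written out as an added example. This is not the skill's code: the function names `resolve_repo_dir` and `safe_git`, the `.git` presence check, and the optional base-directory restriction are choices made here for illustration, and the script is POSIX sh so it does not depend on `realpath`. It canonicalizes the argument with `cd -P`/`pwd -P`, which fails for anything that is not an existing directory (a metacharacter payload is simply a directory name that does not exist), and only a path that passes every check is ever handed to `git -C`.

```shell
#!/bin/sh
# Added example (not from the unfuck-my-git-state skill): validating a
# repository path before it reaches `git -C`, as the SkillShield findings
# recommend. Function names and policy choices here are assumptions.
set -eu

# resolve_repo_dir TARGET [BASE]
# Prints the canonical absolute path of TARGET and returns 0 only if TARGET is
# an existing directory that contains a .git entry (repository or worktree)
# and, when BASE is given, lies inside the canonical BASE directory.
# Everything else is rejected with a non-zero status and a message on stderr,
# so a value such as '.; rm -rf /' never reaches git in any form.
resolve_repo_dir() {
  target="${1-}"
  base="${2-}"
  if [ -z "$target" ]; then
    printf 'error: empty repository path\n' >&2
    return 1
  fi
  # A value starting with '-' could be parsed as an option by a downstream
  # script (such as a --repo argument parser); refuse it outright.
  case "$target" in
    -*) printf 'error: path may not start with "-": %s\n' "$target" >&2; return 1 ;;
  esac
  # Canonicalize without realpath: cd -P follows symlinks and fails for
  # non-directories; CDPATH is cleared so cd never prints to stdout.
  canon=$(CDPATH= cd -P -- "$target" 2>/dev/null && pwd -P) || {
    printf 'error: not an existing directory: %s\n' "$target" >&2
    return 1
  }
  if [ ! -e "$canon/.git" ]; then
    printf 'error: not a git repository: %s\n' "$canon" >&2
    return 1
  fi
  if [ -n "$base" ]; then
    canon_base=$(CDPATH= cd -P -- "$base" 2>/dev/null && pwd -P) || {
      printf 'error: base is not a directory: %s\n' "$base" >&2
      return 1
    }
    # Prefix check on canonical paths; the trailing slash defeats
    # "/srv/repos-evil" matching base "/srv/repos".
    case "$canon/" in
      "$canon_base"/*) ;;
      *) printf 'error: %s is outside %s\n' "$canon" "$canon_base" >&2; return 1 ;;
    esac
  fi
  printf '%s\n' "$canon"
}

# safe_git TARGET GIT_ARGS...
# Hardened replacement for `git -C "$TARGET" ...`: git only ever sees a
# validated canonical directory, never the caller's raw string.
safe_git() {
  dir=$(resolve_repo_dir "$1") || return 1
  shift
  git -C "$dir" "$@"
}

# Stand-alone usage: ./validate_repo.sh /path/to/repo [git args...]
# (defaults to `status --short`). With no arguments only the functions are
# defined, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
  target=$1
  shift
  [ "$#" -gt 0 ] || set -- status --short
  safe_git "$target" "$@"
fi
```

The point of the prefix check is that canonicalization alone is not a policy: `realpath` happily returns `/` for `../../../../`, so after resolving you still have to decide which directories the skill may operate on. Rejecting leading `-` matters less for `git -C` itself than for the scripts that forward the value as a positional or `--repo` argument, where it could be mistaken for a flag.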
Full report: https://skillshield.io/report/6a197aa9c90b664f