Trust Assessment
unraid received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 4 critical, 0 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via unescaped URL or API Key in `curl` command, Command Injection via unescaped GraphQL query in `curl -d` payload.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100; it is the layer that produced all four critical findings below, so those findings deserve a manual read rather than being taken at face value.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via unescaped URL or API Key in `curl` command.** `scripts/unraid-query.sh` interpolates `$URL` and `$API_KEY`, which callers set through the environment (`UNRAID_URL`, `UNRAID_API_KEY`) or the `-u` / `-k` flags, into a `curl` command without escaping. The LLM layer's claim that metacharacters such as `;`, `&`, `|`, `$(...)` or backticks in these values would run arbitrary commands on the host holds only if the script assembles the command line into a string and hands it to `eval` or `sh -c`: bash never re-parses the result of a parameter expansion, so a plain `curl ... "$URL" -H "x-api-key: $API_KEY"` passes such values literally. What an unquoted expansion does expose is word splitting and globbing: a value containing whitespace becomes additional `curl` arguments, options included. Note also that whoever controls `$URL` chooses the host that receives the API key. Remediation: double-quote every expansion and pass `$URL` and `$API_KEY` as separate `curl` arguments; `printf %q` is only needed where a command string must be built for `eval`. | LLM | scripts/unraid-query.sh:60 |
| CRITICAL | **Command Injection via unescaped GraphQL query in `curl -d` payload.** The script builds the request body by embedding `$QUERY` in a double-quoted template: `-d "{\"query\":\"$QUERY\"}"`. The LLM layer states that `$(...)` or backticks in `$QUERY` execute before `curl` runs; they do not, because the expanded value is inserted literally and is not re-evaluated by the shell (again, only `eval` would change that). The actual defect is JSON injection: an unescaped `"` or `\` in `$QUERY` terminates the string, so a caller can corrupt the body or append fields such as `variables` or `operationName`, and a `"` inside a GraphQL string literal rewrites the query the server receives. Remediation as proposed by the report: let `jq` build the body, e.g. `jq -n --arg query "$QUERY" '{"query": $query}' | curl -skL -X POST "$URL" -H "Content-Type: application/json" -H "x-api-key: $API_KEY" -d @-`, which JSON-escapes the value. Two caveats on that command line: `-k` disables TLS certificate verification, and `-L` resends the custom `x-api-key` header to whatever host a redirect points at. | LLM | scripts/unraid-query.sh:60 |
| CRITICAL | **Command Injection in `scripts/dashboard.sh` via Server Name.** The script reads server names from `$HOME/.clawdbot/credentials/unraid/config.json` and writes each one with `echo "## Server: $NAME" >> "$OUTPUT_FILE"`. The LLM layer reports `$NAME` as unquoted and claims that `$(...)` or backticks in the `name` field would execute. As quoted, `$NAME` is already inside double quotes, and an expansion result is never re-parsed, so this line does not run embedded commands; the suggested `echo "## Server: \"$NAME\""` only adds literal quote characters. `printf "## Server: %s\n" "$NAME"` is still the better form, because `echo` handles backslash sequences differently across shells (dash interprets them, bash by default does not). Whether the step that extracts `NAME` from the JSON is itself injectable cannot be judged from the report, which does not show it; that is where a reviewer should look. | LLM | scripts/dashboard.sh:80 |
| CRITICAL | **Command Injection in `examples/read-logs.sh` via Log Name/Lines.** The script interpolates the user-supplied `$LOG_NAME` and `$LINES` directly into the `$QUERY` string it passes to `scripts/unraid-query.sh`, so it inherits that script's handling of `$QUERY`. As noted in the `unraid-query.sh` finding, the exposure is GraphQL and JSON injection rather than shell execution: a `"` in `$LOG_NAME` closes the GraphQL string literal and lets the caller alter the query (and the JSON body around it), and a non-numeric `$LINES` is spliced into the query unchecked. Remediation: validate `$LOG_NAME` against an allow-list pattern and `$LINES` as a bounded integer before use, pass them as GraphQL variables rather than by string interpolation where the API allows, and build the JSON body with `jq` as in the `unraid-query.sh` remediation. | LLM | examples/read-logs.sh:15 |
| MEDIUM | **Sensitive environment variable access: `$HOME`.** `dashboard.sh` reads `$HOME` in shell context (it locates the credentials file under `$HOME/.clawdbot/`). Verify that the access is necessary and that the value is not exfiltrated. | Static | skills/jmagar/unraid/scripts/dashboard.sh:7 |
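The four LLM-layer findings above turn on one question: does bash execute `$(...)` that arrives inside a variable's value? The following bash script is an added example, written for this page and not taken from the unraid skill or from SkillShield. It reduces the `unraid-query.sh` body template to a string-building function so it runs offline (no `curl`), shows that the naive template passes `$(...)` through literally while `eval` would run it, shows the JSON injection that the naive template does allow, and gives a pure-bash escaper plus the allow-list validation suggested for `read-logs.sh`. The function names, the `logFile(path:, lines:)` query shape and the validation limits are assumptions made for the example; the real `read-logs.sh` query is not shown in the report.

```bash
#!/usr/bin/env bash
# Added example for the SkillShield findings on scripts/unraid-query.sh and
# examples/read-logs.sh. Not project code; names and query shape are assumed.
set -u

# The body template quoted in the report, reduced to string building only.
# Bash inserts the expansion of $QUERY literally: nothing inside it is run.
naive_body() {
  local QUERY=$1
  printf '%s' "{\"query\":\"$QUERY\"}"
}

# What the finding describes happens only if the script re-parses the
# assembled string, e.g. by building the curl command line and eval'ing it.
# Included purely as the contrast; the report does not show eval being used.
eval_body() {
  local QUERY=$1
  eval "printf '%s' \"{\\\"query\\\":\\\"$QUERY\\\"}\""
}

# Minimal JSON string escaper using bash parameter expansion: backslash
# first, then the double quote, then the control characters that would
# otherwise break the document. jq -n --arg is preferable when available.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Same body as naive_body, with the value escaped so it cannot close the
# "query" string or append fields such as "variables".
safe_body() {
  local QUERY=$1
  printf '{"query":"%s"}' "$(json_escape "$QUERY")"
}

# read-logs.sh-style input validation (limits are this example's choice):
# log names restricted to an allow-list pattern, line counts to a bounded
# integer. Reject anything else instead of splicing it into a GraphQL literal.
validate_log_name() {
  [[ $1 =~ ^[A-Za-z0-9._-]{1,128}$ ]]
}

validate_lines() {
  [[ $1 =~ ^[0-9]{1,5}$ ]] && [ "$1" -ge 1 ] && [ "$1" -le 10000 ]
}

# Build the query only from validated inputs (assumed field names).
read_logs_query() {
  local log_name=$1 lines=$2
  validate_log_name "$log_name" || return 1
  validate_lines "$lines" || return 1
  printf 'query { logFile(path: "%s", lines: %s) { content } }' "$log_name" "$lines"
}

# Demonstration when run directly.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  echo "naive, literal:   $(naive_body '$(echo INJECTED)')"
  echo "eval, executed:   $(eval_body '$(echo INJECTED)')"
  echo "naive, injected:  $(naive_body '","variables":{"x":1},"q":"')"
  echo "escaped:          $(safe_body '","variables":{"x":1},"q":"')"
  echo "validated query:  $(read_logs_query syslog 50)"
  read_logs_query 'syslog") { evil }' 50 || echo "rejected log name, as intended"
fi
```

Run it with bash and compare the first two lines: the naive template emits the four characters `$(ec...` untouched, and only the `eval` variant replaces them with the command's output. The third line is the bug that actually exists in the quoted template, an extra `variables` key smuggled in through an unescaped quote, and the fourth shows it neutralised by escaping; `safe_body` is the drop-in for the case where `jq` is unavailable, otherwise the report's `jq -n --arg` pipeline is the cleaner fix.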
Full report: https://skillshield.io/report/c883e3b860359ede

Powered by SkillShield