Security Audit

upload-post

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

upload-post received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Potential Command Injection via FFmpeg 'full_command' parameter.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

70%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
CRITICAL	Potential Command Injection via FFmpeg 'full_command' parameter The `/api/ffmpeg` endpoint allows users to provide a `full_command` string for FFmpeg processing. If the backend server executes this command directly without sufficient sanitization or sandboxing, an attacker could inject arbitrary shell commands by escaping the FFmpeg command or chaining commands. This could lead to remote code execution on the API server, data exfiltration from the server's environment, or denial of service. The documentation explicitly states 'Process media with custom FFmpeg commands' and shows `{input}` and `{output}` placeholders, but does not specify any restrictions or sanitization applied to the `full_command` string itself, making it a high-risk vector for command injection. The API backend must strictly validate and sanitize the `full_command` parameter. Ideally, it should parse the FFmpeg command and only allow specific, whitelisted FFmpeg operations and parameters, rather than executing an arbitrary string. If arbitrary commands are deemed necessary, they must be executed within a heavily sandboxed environment (e.g., containerized, with strict resource limits and network isolation) and with a non-privileged user. Input and output file paths should be strictly controlled and not user-definable.	LLM	SKILL.md:194

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5574bdab5d089edb.svg)](https://skillshield.io/report/5574bdab5d089edb)