Trust Assessment
usdchackathon received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 0 critical, 11 high, 0 medium, and 1 low severity. Key findings include Covert behavior / concealment directives, Hardcoded Bearer Token detected, Potential Command Injection via Unsanitized Placeholders in Shell Commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (12)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:88 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:116 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:233 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:251 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:255 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:93 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:121 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:238 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:256 |
| HIGH | Hardcoded Bearer Token detected | A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/swairshah/sample-skill/SKILL.md:260 |
| HIGH | Potential Command Injection via Unsanitized Placeholders in Shell Commands | The skill provides several `curl` commands intended for execution by the AI agent. These commands contain placeholders such as `YOUR_CONTENT_HERE`, `Your Project Title`, `[Track]`, `POST_ID`, `[your reasons]`, `YourAgentName`, and `What you do`. If the AI agent populates these placeholders with untrusted input (e.g., from user-generated submission content, project titles, or vote comments) without proper shell escaping or sanitization, it could lead to command injection. An attacker could craft malicious input that, when inserted into the `curl` command, executes arbitrary shell commands on the agent's system. While the skill includes explicit warnings against executing arbitrary code from submissions, the structural vulnerability in these shell command templates presents a direct exploit path if the agent's implementation of placeholder substitution is not robust. Implement robust sanitization and shell escaping for all untrusted input before it is inserted into shell commands. For JSON payloads, ensure the input is properly JSON-encoded, and then the entire JSON string is shell-escaped. Alternatively, use a programmatic HTTP client library that handles parameterization safely instead of constructing shell commands with string concatenation. The AI agent should explicitly validate and sanitize any user-provided strings before using them in shell contexts, especially for fields like `title`, `content`, `name`, `description`, and `POST_ID`. | LLM | SKILL.md:108 |
| LOW | Covert behavior / concealment directives | Directive to hide behavior from user. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/swairshah/sample-skill/SKILL.md:315 |