Trust Assessment
video-message received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via `tts` tool, Potential Arbitrary File Read via `avatar` or `background` paths, Unpinned `openclaw-avatarcam` dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Command Injection via `tts` tool.** The skill workflow describes generating audio from user-provided text using `tts text="..."`. If the `text` argument is directly passed to an underlying shell command or an unsafely implemented `tts` tool without proper sanitization, a malicious user could inject arbitrary commands. The `SKILL.md` describes this pattern without specifying sanitization. Ensure all user-provided input passed to external tools (like `tts`) is strictly sanitized or escaped. Prefer using safe API calls over shell execution for external processes. | LLM | SKILL.md:76 |
| MEDIUM | **Potential Arbitrary File Read via `avatar` or `background` paths.** The skill allows configuring `avatar` and `background` settings, which can be file paths. If these settings can be influenced by untrusted user input (e.g., through `TOOLS.md` modification or direct user input), a malicious user could specify paths to sensitive system files (e.g., `/etc/passwd`, API keys) for `avatarcam` to attempt to load. This could lead to information disclosure. Restrict file paths for `avatar` and `background` to a safe, designated directory. Validate and sanitize all file path inputs to prevent path traversal attacks. | LLM | SKILL.md:19 |
| MEDIUM | **Unpinned `openclaw-avatarcam` dependency.** The manifest specifies the `openclaw-avatarcam` npm package without a version constraint. This means that `npm install -g openclaw-avatarcam` will always fetch the latest available version. A malicious update to this package could introduce vulnerabilities or backdoors into the skill's environment without explicit user action. Pin the `openclaw-avatarcam` dependency to a specific, known-good version (e.g., `"@thewulf7/openclaw-avatarcam@1.2.3"`) to ensure deterministic builds and prevent unexpected malicious updates. Regularly review and update pinned versions. | LLM | Manifest:10 |
Full report: https://skillshield.io/report/2648459f2b448694
Powered by SkillShield