Security Audit

vision-analyze

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned 3 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

vision-analyze received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Unsanitized user input passed to shell command, Skill requests broad filesystem access.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

63%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

1 finding

Shell Execution

2 findings

Dynamic Code

2 findings

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Unsanitized user input passed to shell command The skill's `command` field executes `/home/clawdbot/openclaw-tools/vision_analyze.sh` and directly appends the user-provided `{input}` as an argument without proper sanitization. This allows for command injection if the input contains shell metacharacters (e.g., `;`, `\|`, `&`, `$(...)`). A malicious user could craft the `input` to execute arbitrary commands on the host system where the skill is run. The `{input}` argument must be properly sanitized or escaped before being passed to the shell script. Ensure that the script itself handles arguments safely by quoting them (e.g., `"$1"`) or by using a method that passes arguments as a list rather than a single string for shell execution (e.g., `subprocess.run(['script.sh', user_input], check=True)` in Python without `shell=True`).	LLM	skill.json:6
MEDIUM	Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/humberto0o0/vision-analyze/SKILL.md:1
MEDIUM	Skill requests broad filesystem access The skill's `inputSchema` allows the user to provide any 'Local image file path'. This grants the underlying script (`vision_analyze.sh`) the ability to read arbitrary files on the filesystem that the executing user has access to. While intended for image files, there's no explicit restriction preventing the user from providing paths to sensitive files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`). This broad access, especially when combined with the command injection vulnerability, poses a significant risk of data exfiltration. Restrict file access to a specific, sandboxed directory if possible, or implement strict validation within the `vision_analyze.sh` script to ensure only image files within allowed paths are processed. Avoid processing arbitrary file paths from untrusted input without strong validation and sandboxing.	LLM	skill.json:12

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/0bb6393c64361265.svg)](https://skillshield.io/report/0bb6393c64361265)