Trust Assessment
vk received a trust score of 81/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Arbitrary file read leading to data exfiltration" and "VK Access Token exposed via command-line arguments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary file read leading to data exfiltration. The `uploadFile` function in `scripts/vk_cli.js` reads a file path directly from command-line arguments (`filePath`) using `fs.readFileSync`. An attacker could inject a path to a sensitive file (e.g., `/etc/passwd`, `.env` files, or other configuration files) into the `file_path` argument of `upload-photo`, `upload-photo-msg`, or `upload-video` commands. The content of this arbitrary file would then be read and included in the `FormData` for upload to the VK API, effectively exfiltrating the file's contents to an external service. Implement strict validation and sanitization for `filePath` arguments. Only allow files within a designated, sandboxed upload directory, or use a secure file selection mechanism that prevents arbitrary path traversal. Ensure the AI agent's execution environment is properly sandboxed to limit filesystem access. | LLM | scripts/vk_cli.js:47 |
| MEDIUM | VK Access Token exposed via command-line arguments. The VK Access Token is passed directly as a command-line argument to `scripts/vk_cli.js` for all API operations. This practice is insecure as command-line arguments can be visible in process lists (`ps aux`), stored in shell history, or logged by system monitoring tools, making the token vulnerable to exposure and potential harvesting by other processes or attackers. If an attacker can trigger the execution of this skill with a malicious prompt, they could potentially log or capture the token. Avoid passing sensitive credentials like API tokens directly as command-line arguments. Instead, use environment variables, a secure secrets management system, or a more secure method for token provision that does not expose the secret in plain text in process information or logs. If environment variables are used, ensure they are properly secured and not logged. | LLM | scripts/vk_cli.js:100 |