Trust Assessment
vlmrun-cli-skill received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 0 medium, and 1 low severity. Key findings include Potential Command Injection via Unsanitized Prompt in CLI Arguments and Unpinned dependency in setup instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Unsanitized Prompt in CLI Arguments. The skill defines a CLI interface where user-provided prompt text is directly embedded into shell commands (e.g., `vlmrun chat "<prompt>" ...`). If the LLM does not properly sanitize or escape user input before constructing these commands, a malicious user could inject arbitrary shell commands. For example, a prompt like `"; rm -rf /; #"` could lead to unintended command execution when the LLM generates and executes the command. The LLM's execution environment must ensure that any user-provided input used in shell commands is properly escaped or quoted to prevent shell metacharacter interpretation, for example by using `shlex.quote()` in Python or similar mechanisms in other languages, or by passing arguments as an array to `subprocess.run()` instead of a single string. | LLM | SKILL.md:60 |
| LOW | Unpinned dependency in setup instructions. The setup instructions recommend installing `vlmrun[cli]` without specifying a version. This can lead to supply chain vulnerabilities if a malicious or incompatible version of the package is published, as the installation will always pull the latest available version. It also risks breaking changes. Pin the dependency to a specific version, e.g., `uv pip install "vlmrun[cli]==X.Y.Z"`, or use a version range like `vlmrun[cli]~=X.Y` to allow for patch updates while maintaining stability. | LLM | SKILL.md:10 |