Trust Assessment
web-search received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary File Write via User-Controlled Path and Unpinned Dependency in Installation Instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Write via User-Controlled Path.** The skill allows writing search results to an arbitrary file path specified by the user via the `--output` argument. An attacker could exploit this to overwrite sensitive system files (e.g., `/etc/passwd`, `/root/.bashrc`, `/var/log/syslog`) leading to denial of service, data corruption, or potentially command injection if the overwritten file is an executable script or configuration file. While the content written is primarily text-based search results, the ability to write to any location is a significant risk. **Remediation:** Implement robust path sanitization and validation for the `--output` argument. Restrict output files to a designated, non-sensitive directory (e.g., a `temp` or `output` subdirectory within the skill's workspace). Disallow absolute paths or paths containing directory traversal sequences (`../`). Consider prompting the user for confirmation before overwriting existing files, especially outside the designated output directory. | LLM | scripts/search.py:230 |
| MEDIUM | **Unpinned Dependency in Installation Instructions.** The `SKILL.md` instructs users to install the `duckduckgo-search` package without specifying a version. This 'unpinned' dependency introduces a supply chain risk. If a malicious version of `duckduckgo-search` were to be published to PyPI, users installing this skill could inadvertently download and execute compromised code, leading to various security breaches. **Remediation:** Pin the dependency to a specific, known-good version (e.g., `pip install duckduckgo-search==X.Y.Z`). For production environments, consider using a `requirements.txt` file with exact versions and hashes (`pip install -r requirements.txt`) to ensure integrity and reproducibility. | LLM | SKILL.md:37 |