Trust Assessment
wechat-search received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 13 findings: 2 critical, 3 high, 7 medium, and 1 low severity. Key findings include "Arbitrary command execution", "Dangerous call: subprocess.run()", and "Unpinned Python dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (13)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jixsonwang/wechat-search-release/wechat_search.py:47 |
| CRITICAL | **Arbitrary command execution.** Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/jixsonwang/wechat-search-release/wechat_search.py:71 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'web_search_wechat'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/jixsonwang/wechat-search-release/wechat_search.py:47 |
| HIGH | **Dangerous call: subprocess.run().** Call to 'subprocess.run()' detected in function 'web_fetch_wechat'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/jixsonwang/wechat-search-release/wechat_search.py:71 |
| HIGH | **Arbitrary File Read via User-Controlled Config Path.** The skill allows a user to specify an arbitrary path for the configuration file via the `--config` command-line argument. The `load_config` method then attempts to open and read this file. This enables an attacker to read any file on the filesystem that the skill's process has permissions to access. Even if the file is not valid JSON, its content is read into memory, and error messages might reveal parts of the file. Restrict the `--config` argument to only accept paths within a predefined, secure configuration directory, or remove the ability for users to specify arbitrary paths. If a custom config is necessary, implement strict path validation to prevent directory traversal and access to sensitive system files. For example, ensure the path is relative to a known safe directory or validate against a whitelist of allowed paths. | LLM | wechat_search.py:25 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'requests>=2.25.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jixsonwang/wechat-search-release/requirements.txt:2 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'beautifulsoup4>=4.9.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jixsonwang/wechat-search-release/requirements.txt:3 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'pytest>=6.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jixsonwang/wechat-search-release/requirements.txt:6 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'pytest-cov>=2.10.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jixsonwang/wechat-search-release/requirements.txt:7 |
| MEDIUM | **Unpinned Python dependency version.** Requirement 'mock>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/jixsonwang/wechat-search-release/requirements.txt:8 |
| MEDIUM | **Indirect Command Injection via External Tool Calls.** The skill invokes external `openclaw` tools (`web_search`, `web_fetch`) using `subprocess.run`. The user-controlled `query` is passed directly as an argument value to these external tools (e.g., `--query` or `--url`). While `subprocess.run` is used with a list of arguments, which is generally safer, if the `openclaw` tools themselves are vulnerable to command injection (e.g., by internally using `shell=True` or unsafely constructing commands from their arguments), a malicious `query` could lead to arbitrary command execution. This is an indirect risk dependent on the security posture of the `openclaw` tools. Ensure that the `openclaw` tools are robust against command injection when processing user-supplied arguments. Implement strict input validation and sanitization for the `query` within this skill before passing it to any external tools, especially if the security of those tools cannot be fully guaranteed. | LLM | wechat_search.py:40 |
| MEDIUM | **Indirect Prompt Injection via External LLM-backed Tools.** The skill passes user-controlled `query` directly to `openclaw` tools (`web_search`, `web_fetch`). If these `openclaw` tools are implemented using an underlying Large Language Model (LLM), then a malicious `query` could be crafted to manipulate the behavior of that LLM, leading to prompt injection. This is an indirect prompt injection risk, dependent on the implementation of the `openclaw` tools. Ensure that the `openclaw` tools are robust against prompt injection when processing user-supplied arguments. Implement strict input validation and sanitization for the `query` within this skill before passing it to any LLM-backed tools. | LLM | wechat_search.py:40 |
| LOW | **Loose Dependency Version Pinning.** The `requirements.txt` file uses loose version pinning (`>=`) for its dependencies instead of exact pinning (`==`). This practice allows for new versions of these dependencies to be automatically installed, which could inadvertently introduce security vulnerabilities if a future version contains a flaw. While not an immediate vulnerability, it increases the supply chain risk by reducing reproducibility and making it harder to track and audit dependencies. Pin all dependencies to exact versions using `==` (e.g., `requests==2.25.0`) to ensure reproducible builds and prevent unexpected updates that might introduce vulnerabilities. Regularly review and update pinned versions after verifying their security. | LLM | requirements.txt:2 |