Security Audit

weread

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

weread received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Potential for Command Injection via CLI arguments.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

85%

Behavioral Risk Signals

Shell Execution

1 finding

Dynamic Code

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Potential for Command Injection via CLI arguments The skill describes a CLI tool `weread` which takes various arguments, including `<bookId>` and date filters. If the LLM constructs shell commands by directly interpolating untrusted user input into these arguments without proper sanitization or shell-quoting, it could lead to command injection. For example, if a user provides a `bookId` containing shell metacharacters (e.g., `123; rm -rf /`), these could be executed by the underlying shell. While some examples show quoting (`weread get "$id"`), the LLM's implementation might not consistently apply this, especially for arguments not explicitly shown with quotes in the examples. Furthermore, the `for` loops demonstrate chaining commands where the output of one `weread` command is used as input for another, which could also be a vector if the output contains malicious shell commands that are not properly handled when interpolated. The LLM should strictly sanitize and shell-quote all user-provided input before constructing and executing any `weread` command. Specifically, ensure all arguments passed to `weread` are properly escaped to prevent shell metacharacter interpretation. For values derived from `weread` output and used in subsequent commands (e.g., `bookId` in `for` loops), ensure these values are also sanitized or quoted before use.	LLM	SKILL.md:19

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/4670bbf165f8d683.svg)](https://skillshield.io/report/4670bbf165f8d683)