Security Audit

x-video-transcribe

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

x-video-transcribe received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 7 findings: 3 critical, 1 high, 2 medium, and 1 low severity. Key findings include Remote code execution: curl/wget pipe to shell, Sensitive environment variable access: $HOME, Arbitrary file write via --output argument.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 33/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

33%

Dependency Graph

100%

LLM Behavioral Safety

46%

Behavioral Risk Signals

Network Access

4 findings

Filesystem Write

4 findings

Shell Execution

4 findings

Excessive Permissions

3 findings

Security Findings7

Severity	Finding	Layer	Location
CRITICAL	Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter.	Static	skills/henrino3/ec-x-video-transcribe/scripts/transcribe.sh:109
CRITICAL	Remote code execution: curl/wget pipe to shell Detected a pattern that downloads and immediately executes remote code. This is a primary malware delivery vector. Never pipe curl/wget output directly to a shell interpreter.	Static	skills/henrino3/ec-x-video-transcribe/scripts/transcribe.sh:133
CRITICAL	Arbitrary file write via --output argument The script allows the user to specify an arbitrary file path via the `--output` argument. The content of the transcript, which includes potentially sensitive information like tweet text and author, is then written directly to this user-controlled path. This can lead to overwriting critical system files, creating malicious files in sensitive locations, or data exfiltration if the attacker can control the output path to a network share or a publicly accessible directory. Implement strict validation for the `--output` path. Ensure it is within an allowed, non-sensitive directory (e.g., a dedicated output folder within the agent's workspace) and sanitize against path traversal sequences (e.g., `../`).	LLM	scripts/transcribe.sh:140
HIGH	Potential Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI) via VIDEO_URL The `VIDEO_URL` used by `curl` to download the video is extracted from the `bird` CLI's JSON output, which is derived from the user-provided `TWEET_URL`. If a malicious `TWEET_URL` can cause `bird` to return a `file://`, `ftp://`, or other internal scheme URL, `curl` could be tricked into accessing local files or internal network resources. This could lead to data exfiltration (e.g., reading `/etc/passwd`) or accessing internal services. Implement strict validation on the `VIDEO_URL` before passing it to `curl`. Ensure the URL scheme is `http` or `https` and consider validating the domain against an allow-list of trusted video hosts.	LLM	scripts/transcribe.sh:99
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/henrino3/ec-x-video-transcribe/scripts/transcribe.sh:11
MEDIUM	User-controlled path for bird CLI credentials The `BIRD_ENV` variable, which points to the `bird` CLI's credential file, can be overridden by the user via an environment variable. An attacker could set `BIRD_ENV` to point to a malicious file that, when sourced (via `export $(cat ...)`), could execute arbitrary commands or expose sensitive information to the script's environment. While `xargs` provides some sanitization, controlling the path to a credential file is a security risk. Restrict the `BIRD_ENV` path to a fixed, secure location within the agent's workspace that cannot be modified by user input. If user configuration is necessary, validate the path rigorously to prevent pointing to arbitrary files.	LLM	scripts/transcribe.sh:14
LOW	User-controlled temporary directory path The `TMPDIR` environment variable can be overridden by the user, allowing them to specify the location for temporary files created by the script. While the script cleans up these files, an attacker could point `TMPDIR` to a sensitive system directory or a partition with limited space, potentially leading to a denial-of-service by filling up the disk or interfering with other critical system operations. Use a fixed, dedicated temporary directory within the skill's isolated workspace (e.g., `~/agent-workspace/tmp/x-transcribe-$$`) instead of relying on a user-overridable `TMPDIR`.	LLM	scripts/transcribe.sh:16

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/faf86cfcd02b1520.svg)](https://skillshield.io/report/faf86cfcd02b1520)