Security Audit
sundial-org/awesome-openclaw-skills:skills/agent-browser-4
github.com/sundial-org/awesome-openclaw-skills
Trust Assessment
sundial-org/awesome-openclaw-skills:skills/agent-browser-4 received a trust score of 0/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 3 high, 0 medium, and 0 low severity. Key findings include Command Injection via unsanitized output directory, Arbitrary File Write/Overwrite via unsanitized output directory, and Arbitrary File Deletion via unsanitized state file path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unsanitized output directory. The `capture-workflow.sh` script constructs shell commands using the `$OUTPUT_DIR` variable, which is directly derived from user-provided input (the second argument to the script). If an attacker provides a malicious string containing shell metacharacters (e.g., `'; rm -rf /;'`), these characters will be executed by the shell when `mkdir -p` or `ls -la` commands are run. This allows for arbitrary command execution. Sanitize or validate the `$OUTPUT_DIR` variable to ensure it does not contain shell metacharacters before using it in shell commands. A safer approach might involve using a fixed, temporary directory or strictly validating the path components. For example, use `printf '%q' "$OUTPUT_DIR"` if passing to another shell, or ensure the path is absolute and within an allowed directory. | Static | templates/capture-workflow.sh:9 |
| HIGH | Arbitrary File Write/Overwrite via unsanitized output directory. The `capture-workflow.sh` script uses the `$OUTPUT_DIR` variable, derived from user input, as the base path for saving various files (screenshots, page structure, text, PDF). An attacker controlling `$OUTPUT_DIR` could specify an arbitrary file path (e.g., `/etc/passwd` or `/root/.ssh/authorized_keys`) to overwrite sensitive system files with potentially arbitrary content (e.g., a screenshot image, page text, or PDF data). This could lead to denial of service, privilege escalation, or data corruption. Restrict the `$OUTPUT_DIR` to a predefined, non-sensitive directory (e.g., a subdirectory within the skill's working directory) or implement strict validation to ensure the path is safe and does not escape the intended boundaries. Avoid allowing arbitrary file paths from user input for write operations. | Static | templates/capture-workflow.sh:18 |
| HIGH | Arbitrary File Deletion via unsanitized state file path. The `authenticated-session.sh` script uses the `$STATE_FILE` variable, which is derived from user-provided input (the second argument to the script), in an `rm -f "$STATE_FILE"` command. If an attacker can control `$STATE_FILE`, they could specify an arbitrary file path (e.g., `/etc/passwd` or `/root/.ssh/authorized_keys`) to delete critical system files, leading to denial of service or system instability. Restrict the `$STATE_FILE` to a predefined, non-sensitive directory or implement strict validation to ensure the path is safe and does not escape the intended boundaries. Avoid allowing arbitrary file paths from user input for deletion operations. | Static | templates/authenticated-session.sh:35 |
| HIGH | Credential Harvesting/Data Exfiltration via unsanitized state file path. The `authenticated-session.sh` script uses the `$STATE_FILE` variable, derived from user input, for `agent-browser state load` and `agent-browser state save` operations. Browser state files can contain sensitive information such as cookies, local storage, and session tokens. If an attacker controls `$STATE_FILE`, they could specify an arbitrary path to save the browser state, potentially exfiltrating session credentials or other sensitive data. Conversely, loading state from an arbitrary path could allow an attacker to inject malicious browser state. Restrict the `$STATE_FILE` to a predefined, non-sensitive directory (e.g., a subdirectory within the skill's working directory) or implement strict validation to ensure the path is safe and does not escape the intended boundaries. Avoid allowing arbitrary file paths from user input for state management operations. | Static | templates/authenticated-session.sh:20 |