Security Audit
sundial-org/awesome-openclaw-skills:skills/apple-media
github.com/sundial-org/awesome-openclaw-skillsTrust Assessment
sundial-org/awesome-openclaw-skills:skills/apple-media received a trust score of 41/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned Dependency in Installation Command, Potential Command Injection via `atvremote` Arguments, Data Exfiltration Risk via `stream_file` Command.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned Dependency in Installation Command The skill's installation command `pipx install pyatv --python python3.13` specifies the `pyatv` package without a version pin. This means that during installation, the latest available version of `pyatv` will be downloaded from PyPI. If a malicious actor were to compromise the `pyatv` project or publish a typosquatted package, users installing this skill could inadvertently execute arbitrary malicious code. Pin the `pyatv` dependency to a specific, known-good version (e.g., `pipx install pyatv==X.Y.Z --python python3.13`) to ensure deterministic and secure installations. Regularly review and update the pinned version. | Static | SKILL.md:6 | |
| MEDIUM | Potential Command Injection via `atvremote` Arguments The skill exposes the `atvremote` command-line tool, which accepts various arguments that can be derived from user input (e.g., device names, IP addresses, file paths, URLs, text input). If the LLM constructs `atvremote` commands by directly interpolating untrusted user input without proper sanitization or escaping, it could lead to command injection. An attacker could craft input that breaks out of the intended argument and executes arbitrary shell commands. When constructing `atvremote` commands based on user input, ensure all arguments are strictly validated and properly escaped for shell execution. Prefer using a safe command execution library that handles argument separation and prevents shell injection (e.g., `subprocess.run` with `shell=False` and passing arguments as a list). | Static | SKILL.md:39 | |
| MEDIUM | Data Exfiltration Risk via `stream_file` Command The `atvremote stream_file` command allows streaming local files to an Apple device. If the LLM is prompted to stream a sensitive local file (e.g., configuration files, private keys, user data) and the user has access to the target Apple device, this functionality could be abused for data exfiltration. The skill itself doesn't exfiltrate, but it provides a mechanism that could be exploited by a malicious prompt or user. Implement strict validation and access control for file paths provided to the `stream_file` command. Restrict streaming to non-sensitive directories or explicitly whitelist allowed file types/locations. Provide clear warnings to users about the implications of streaming local files and the potential for data exposure. | Static | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/0737a656d1d67284)
Powered by SkillShield