Security Audit
sundial-org/awesome-openclaw-skills:skills/apple-photos
Source: github.com/sundial-org/awesome-openclaw-skills
Trust Assessment
sundial-org/awesome-openclaw-skills:skills/apple-photos received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 5 critical, 2 high, 0 medium, and 2 low severity. Key findings include Excessive Permissions Required, SQL Injection Vulnerability in photos-export.sh, Shell Injection Vulnerability in photos-export.sh (Output Path).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100; all nine findings listed below were raised by that layer.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location | Description | Remediation |
|---|---|---|---|---|---|
| CRITICAL | SQL Injection Vulnerability in photos-export.sh | LLM | scripts/photos-export.sh:24 | The `UUID` variable, which is user-controlled input, is interpolated directly into an `sqlite3` query without sanitization or parameterization. A crafted `UUID` value can inject arbitrary SQL, leading to unauthorized reading, modification or deletion of data in the Photos database. | Validate `UUID` strictly against the UUID format (8-4-4-4-12 hex digits) before it reaches the query and reject anything else; a value this constrained needs no escaping once it passes. Note that `printf %q` quotes for the shell, not for SQL, so it does not prevent this injection. If the query is moved to a language with real parameter binding (for example Python's `sqlite3` module), bind the value instead of interpolating it. |
| CRITICAL | SQL Injection Vulnerability in photos-info.sh | LLM | scripts/photos-info.sh:23 | The `UUID` variable, which is user-controlled input, is interpolated directly into an `sqlite3` query without sanitization or parameterization. This allows SQL injection, potentially exposing sensitive photo metadata or allowing database manipulation. | Same fix as in `photos-export.sh`: strictly validate the UUID format and reject anything else. `printf %q` is shell quoting, not SQL escaping, and does not close this hole. |
| CRITICAL | AppleScript Injection Vulnerability in photos-search-content.sh | LLM | scripts/photos-search-content.sh:19 | The `QUERY` variable, which is user-controlled input, is interpolated directly into the AppleScript source passed to `osascript`. AppleScript string literals use double quotes, so a `QUERY` value containing `"` breaks out of the literal and the remainder is executed as AppleScript, which can run arbitrary commands on the macOS system. | Escape backslashes and double quotes (`\` to `\\`, `"` to `\"`) before embedding `QUERY` in the AppleScript string. Better still, keep the query out of the script text entirely: pass it as a command-line argument (`osascript -e 'on run argv' ... -e 'end run' "$QUERY"`) and read it with `item 1 of argv`, so no escaping is needed. |
| CRITICAL | SQL Injection Vulnerability in photos-search-person.sh (NAME parameter) | LLM | scripts/photos-search-person.sh:20 | The `NAME` variable, which is user-controlled input, is interpolated directly into an `sqlite3` `LIKE` clause without sanitization. A crafted `NAME` value can inject arbitrary SQL, leading to unauthorized data access or database manipulation. | Double any single quotes in `NAME` (the string delimiter) and escape the `LIKE` wildcards `%` and `_`, together with the escape character itself, using an `ESCAPE` clause, unless the user is meant to supply wildcards. Parameter binding is the most robust solution where the tooling allows it. |
| CRITICAL | SQL Injection Vulnerability in photos-search-person.sh (PERSON_IDS parameter) | LLM | scripts/photos-search-person.sh:34 | The `PERSON_IDS` variable is derived from the previous query, which is itself injectable through `NAME`, and is then interpolated into the `IN` clause of a second `sqlite3` query. If the first injection succeeds, `PERSON_IDS` can carry attacker-chosen SQL into the second statement, a second-order injection with potentially broader impact. | Fix the first-order injection in the `NAME` parameter, and additionally validate that `PERSON_IDS` contains only comma-separated integers before it is spliced into the `IN` clause, so the second query never trusts the first one's output. |
| HIGH | Excessive Permissions Required | LLM | SKILL.md:8 | SKILL.md states that the skill requires Full Disk Access for the terminal. Because the agent's scripts run in that terminal, this grants every script it executes unrestricted access to all user files, far beyond the Photos library. Reading `Photos.sqlite` directly does require this permission, so it is inherent to the skill's design rather than an oversight, but it raises the impact of every other finding: any of the injections above becomes a path to exfiltrating or modifying data across the whole home directory. | Inform users clearly about the Full Disk Access requirement and its implications, and treat it as a reason to fix the injection findings before use rather than after. Ensure all scripts are thoroughly vetted for other vulnerabilities that could exploit this permission. |
| HIGH | Shell Injection Vulnerability in photos-export.sh (Output Path) | LLM | scripts/photos-export.sh:45 | The `OUTPUT` variable, which is user-controlled, is used directly in `mkdir -p` and in the file-conversion and copy commands (`magick`, `convert`, `sips`, `cp`). Where the expansion is unquoted or passed through `eval`, shell metacharacters in `OUTPUT` (`;`, `|`, `$(...)`) execute arbitrary commands. Even when it is double-quoted, a value beginning with `-` can be parsed as an option by those tools, and `..` segments can write outside the intended directory. | Restrict `OUTPUT` to an allow-list of path characters, rejecting a leading `-` and any `..` segment; always expand it double-quoted, and after `--` where the tool supports it. Alternatively, use a fixed output directory and let the user choose only the filename. |
| LOW | Potential SQL Injection (Integer Limit) in photos-recent.sh | LLM | scripts/photos-recent.sh:20 | The `COUNT` variable, which is user-controlled, is interpolated directly into the `LIMIT` clause of an `sqlite3` query. SQLite's `LIMIT` accepts any expression that evaluates to an integer, not just a literal, and the `sqlite3` shell executes several `;`-separated statements in one invocation, so an unvalidated value here is a genuine injection point even though a plain non-numeric string errors out. | Validate `COUNT` as a positive integer before it reaches the query, for example `[[ $COUNT =~ ^[1-9][0-9]*$ ]]` (`^[0-9]+$` would also accept `0` and values with leading zeros), and consider capping it at a sensible maximum. |
| LOW | Potential SQL Injection (Integer Limit) in photos-search-date.sh | LLM | scripts/photos-search-date.sh:46 | The `LIMIT` variable, which is user-controlled, is interpolated directly into the `LIMIT` clause of an `sqlite3` query. As in `photos-recent.sh`, the clause accepts an arbitrary expression and the shell runs multiple statements, so a non-numeric value can be part of a larger injection rather than just a syntax error. | Validate `LIMIT` as a positive integer before use, for example `[[ $LIMIT =~ ^[1-9][0-9]*$ ]]`, and cap it. |
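The remediations in the table above, collected into one set of shell helpers as an added example; this is not the skill's own code. It assumes POSIX sh with `grep -E` and `sed`, and it assumes the Photos.sqlite table and column names it uses (`ZASSET.ZUUID`, `ZASSET.ZDIRECTORY`, `ZASSET.ZFILENAME`, `ZASSET.ZDATECREATED`, `ZPERSON.Z_PK`, `ZPERSON.ZFULLNAME`) match the schema the skill queries; `PHOTOS_DB` and `EXPORT_ROOT` are hypothetical environment variables. It validates `UUID`, `COUNT`/`LIMIT`, `PERSON_IDS` and the export path against allow-lists, escapes `NAME` for a `LIKE` clause, and moves `QUERY` out of the AppleScript text into `argv`.

```shell
#!/bin/sh
# Added example, not code from the apple-photos skill. Table and column names are
# assumed to match the Photos.sqlite schema; PHOTOS_DB and EXPORT_ROOT are hypothetical.

NL='
'

# matches ERE STRING: true iff the entire single-line STRING matches the ERE.
# grep matches per line, so an embedded newline would let a second, well-formed
# line satisfy ^...$ while the first line carries the payload; reject newlines first.
matches() {
  case $2 in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$2" | grep -Eq "^($1)\$"
}

# UUID as stored in ZASSET.ZUUID (8-4-4-4-12 hex). A value this constrained is
# rejected outright when malformed; no escaping is needed once it passes.
is_uuid()     { matches '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}' "$1"; }
# COUNT/LIMIT: positive integer with an upper bound. ^[0-9]+$ alone would also
# accept 0 and values such as 007.
is_count()    { matches '[1-9][0-9]{0,4}' "$1"; }
# PERSON_IDS fed into an IN (...) clause: comma-separated integers only.
is_id_list()  { matches '[0-9]+(,[0-9]+)*' "$1"; }
# Export path: relative, plain segments that cannot start with '-' (option
# injection) or '.' (no '..' traversal), and no shell metacharacters at all.
is_rel_path() { matches '[A-Za-z0-9_][A-Za-z0-9._-]*(/[A-Za-z0-9_][A-Za-z0-9._-]*)*' "$1"; }

# sql_like_literal TEXT: make free text safe inside '%...%' ESCAPE '\'.
# Doubles the string delimiter and escapes \, % and _ so the user can neither
# terminate the literal nor smuggle in wildcards.
sql_like_literal() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/%/\\%/g' -e 's/_/\\_/g' -e "s/'/''/g"
}

# Statement builders: each returns non-zero and prints nothing on invalid input,
# so a caller cannot reach sqlite3 with an unchecked value.
asset_path_query() {
  is_uuid "$1" || return 1
  printf '%s' "SELECT ZDIRECTORY || '/' || ZFILENAME FROM ZASSET WHERE ZUUID = '$1';"
}
person_query() {
  _name=$(sql_like_literal "$1")
  printf '%s' "SELECT Z_PK FROM ZPERSON WHERE ZFULLNAME LIKE '%$_name%' ESCAPE '\\';"
}
recent_query() {
  is_count "$1" || return 1
  printf '%s' "SELECT ZUUID FROM ZASSET ORDER BY ZDATECREATED DESC LIMIT $1;"
}
export_target() {
  is_rel_path "$1" || return 1
  printf '%s/%s' "${EXPORT_ROOT:-$HOME/PhotosExport}" "$1"
}

# Execute a built statement read-only; skipped where sqlite3 is not installed.
run_query() {
  command -v sqlite3 >/dev/null 2>&1 || { printf 'sqlite3 not found, would run: %s\n' "$1" >&2; return 0; }
  sqlite3 -readonly "${PHOTOS_DB:?set PHOTOS_DB to a copy of Photos.sqlite}" "$1"
}

# AppleScript: if QUERY must be spliced into "...", escape \ and " first ...
applescript_string() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}
# ... but the robust fix is to keep it out of the script text: pass it as an
# argument and read item 1 of argv. '--' ends option parsing (assumed to be
# honoured by osascript) so a query starting with '-' is not taken as a flag.
photos_search_by_name() {
  command -v osascript >/dev/null 2>&1 || { printf 'osascript not found (not macOS)\n' >&2; return 0; }
  osascript -e 'on run argv' \
    -e 'tell application "Photos" to return name of every media item whose name contains (item 1 of argv)' \
    -e 'end run' -- "$1"
}

# Demo on constructed inputs: well-formed values build statements, hostile ones are refused.
person_query "O'Brien 100%"; echo
asset_path_query 'E0A1B2C3-1234-5678-9ABC-DEF012345678'; echo
asset_path_query "E0A1B2C3-1234-5678-9ABC-DEF012345678' OR 1=1 --" || echo 'rejected UUID'
recent_query '5; DROP TABLE ZASSET' || echo 'rejected COUNT'
export_target '../../Library/Keychains' || echo 'rejected OUTPUT'
applescript_string 'say "hi"'; echo
```

The design choice throughout is allow-listing over escaping: every value with a fixed shape (UUID, integer, ID list, path) is checked against a pattern and refused on mismatch, and only the one genuinely free-text value, `NAME`, is escaped, because `LIKE` has no useful shape to validate against. Note that `is_count` caps at five digits; widen it if the skill legitimately needs larger limits.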
Full report: https://skillshield.io/report/c6c6b9870dadc0b8
Powered by SkillShield