Security Audit
sundial-org/awesome-openclaw-skills:skills/attio
github.com/sundial-org/awesome-openclaw-skillsTrust Assessment
sundial-org/awesome-openclaw-skills:skills/attio received a trust score of 0/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 2 medium, and 0 low severity. Key findings include File read + network send exfiltration, Sensitive path access: Environment file, Potential Command Injection via CLI arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/attio/SKILL.md:8 | |
| CRITICAL | File read + network send exfiltration .env file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/attio/SKILL.md:10 | |
| HIGH | Potential Command Injection via CLI arguments The skill describes a command-line interface (`attio`) that takes various user-supplied arguments such as `<query>`, `<json>`, `<title>`, and `<content>`. If these arguments are directly interpolated into shell commands by the underlying `attio` tool or the LLM's generated code without proper sanitization (e.g., escaping shell metacharacters), an attacker could inject arbitrary shell commands. This is a common vulnerability pattern for skills that wrap CLI tools and process untrusted input. Ensure all user-supplied arguments passed to shell commands are properly sanitized and escaped to prevent shell metacharacter injection. The `attio` tool itself should handle this robustly, or the LLM's generated code must explicitly escape inputs before execution. | Static | SKILL.md:15 | |
| HIGH | Broad access to sensitive CRM data The skill provides extensive capabilities to interact with Attio CRM, including creating, listing, searching, getting, updating, and completing records across various sensitive object types (companies, people, deals, notes, tasks, pipelines). While this is the intended functionality of a CRM integration, it means that any compromise of the agent utilizing this skill could lead to unauthorized access, modification, or exfiltration of a significant amount of sensitive business data within the Attio CRM. Implement strict access controls and least privilege principles for the API key used by this skill. Ensure the agent's scope of operation is tightly constrained and that user input is thoroughly validated before any CRM operations are performed. Consider breaking down the skill into more granular sub-skills with limited scopes if possible, to reduce the blast radius of a potential compromise. | Static | SKILL.md:13 | |
| MEDIUM | Sensitive path access: Environment file Access to Environment file path detected: '~/.env'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/attio/SKILL.md:8 | |
| MEDIUM | Sensitive path access: Environment file Access to Environment file path detected: '~/.env'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/attio/SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/ae291e5d158b7587)
Powered by SkillShield