Security Audit
sundial-org/awesome-openclaw-skills:skills/atxp
github.com/sundial-org/awesome-openclaw-skills

Trust Assessment
sundial-org/awesome-openclaw-skills:skills/atxp received a trust score of 41/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include: command injection via unsanitized user input in `npx atxp` commands; unpinned `npx` package execution introducing supply chain risk; and sourcing `~/.atxp/config`, which can lead to command injection or data exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 64/100, indicating areas for improvement.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command injection via unsanitized user input in `npx atxp` commands. The skill documentation explicitly shows examples of executing `npx atxp` commands with user-provided `<query>` or `<prompt>` arguments (e.g., `npx atxp search <query>`). If these user inputs are not properly sanitized or escaped before being passed to the shell, an attacker can inject arbitrary shell commands by including metacharacters (e.g., `;`, `&&`, `$(...)`) in their query or prompt. This could lead to arbitrary code execution on the host system. Implement robust input sanitization and escaping for all user-provided arguments passed to shell commands. Use a safe method for executing external commands (e.g., `child_process.spawn` with arguments passed as an array, or a library that handles shell escaping correctly) instead of concatenating strings into a shell command. | LLM | SKILL.md:19 |
| MEDIUM | Unpinned `npx` package execution introduces supply chain risk. The skill relies on executing `npx atxp login` and other `npx atxp` commands. `npx` downloads and executes the latest version of the `atxp` package if a specific version is not pinned. This introduces a supply chain risk: if the `atxp` package maintainer's account is compromised, or if a malicious update is pushed, the skill could unknowingly execute malicious code. Typosquatting attacks (where a malicious package with a similar name is published) are an additional concern. Pin the version of the `atxp` package when using `npx` (e.g., `npx atxp@1.2.3 login`). Implement package integrity checks (e.g., using `npm audit` or verifying package hashes) to detect known vulnerabilities or tampering. | LLM | SKILL.md:13 |
| MEDIUM | Sourcing `~/.atxp/config` can lead to command injection or data exfiltration. The skill instructs the user to run `source ~/.atxp/config`. Sourcing a file executes its content in the current shell environment. If an attacker can control the content of `~/.atxp/config` (e.g., through a compromised system or by manipulating file paths), they could inject arbitrary shell commands or exfiltrate environment variables and other sensitive data accessible to the current user. This is particularly risky if the config file is intended to hold credentials. Avoid sourcing configuration files that might contain executable code or sensitive commands, especially if their integrity cannot be guaranteed. If sourcing is necessary, ensure the file has strict permissions and is owned by a trusted user, and consider parsing configuration values rather than executing the file directly. | LLM | SKILL.md:14 |
| MEDIUM | Unpinned NPM package dependency `@atxp/client` introduces supply chain risk. The programmatic access example imports `atxpClient` and `ATXPAccount` from the `@atxp/client` package. While the skill itself does not define the `package.json`, the reliance on an external NPM package introduces a supply chain risk. If this package is compromised or a malicious version is published (e.g., via typosquatting or account compromise), it could lead to arbitrary code execution within the agent's environment. In the project's `package.json` (if applicable), pin the exact version of `@atxp/client` to prevent automatic updates to potentially malicious versions. Regularly audit dependencies for vulnerabilities and verify package integrity. | LLM | SKILL.md:30 |
Full report: https://skillshield.io/report/04fb6c9ee45a78db