API Changelog Generator
Pass (audited by VirusTotal on May 1, 2026).
Overview
Type: OpenClaw Skill
Name: api-changelog-generator
Version: 1.0.1

The `diff` command in `SKILL.md` contains a code injection vulnerability: the shell variables `$OLD_SPEC` and `$NEW_SPEC` are interpolated directly into the Python source string executed via `python3 -c`. Because the shell expands them inside the double-quoted string before Python ever parses it, a filename containing a single quote followed by Python code breaks out of the string literal and runs as arbitrary Python with the user's privileges. The logic appears intended for legitimate OpenAPI specification comparison, but the missing escaping in the command construction is a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs this command on a maliciously named or untrusted spec file path, it could execute unintended local code rather than only reading the API spec.
The command places user-provided file path strings directly inside executable Python source. A crafted path containing a quote and Python syntax could break out of the string and execute arbitrary Python under the user’s account.
Evidence (excerpt from the `diff` command):

```sh
OLD_SPEC="${1:?Usage: diff <old-spec> <new-spec>}"
...
python3 -c "
...
old = load_spec('$OLD_SPEC')
...
new = load_spec('$NEW_SPEC')
...
" 2>/dev/null
```

Rewrite the command to pass paths through argv, for example `python3 - "$OLD_SPEC" "$NEW_SPEC" <<'PY'` and read `sys.argv`, or otherwise safely quote/escape paths before execution. Note that the trailing `2>/dev/null` also discards Python tracebacks, so a failed or partially successful injection leaves no visible error. Avoid running the command on untrusted filenames until it is fixed.
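The following is an added example, not the skill's own code, that reproduces the injection and the argv-based fix side by side. The two script bodies are reconstructions of the shape visible in the excerpt above (the `load_spec` helper, its JSON-only loader and the path diff are assumptions), and the crafted filename and the two OpenAPI documents are constructed for the demo. Instead of going through bash, the vulnerable path is simulated by pasting the variable values into the script text exactly as bash does inside double quotes and handing the result to `python3 -c`; the hardened path runs the same script unchanged and passes both paths through `sys.argv`.

```python
"""Demonstrate why the `diff` command is injectable and how argv fixes it.

Added example, not the skill's own code. Script bodies, helper names and
sample specs are assumptions/constructions for the demo.
"""
import json
import os
import subprocess
import sys
import tempfile

# Body of the vulnerable `python3 -c "..."` command. bash expands $OLD_SPEC and
# $NEW_SPEC inside the double-quoted string before python3 starts, so whatever
# the path contains becomes part of the Python source text.
VULNERABLE_TEMPLATE = """\
import json
def load_spec(path):
    with open(path) as fh:
        return json.load(fh)
old = load_spec('$OLD_SPEC')
new = load_spec('$NEW_SPEC')
print(json.dumps(sorted(set(new.get('paths', {})) - set(old.get('paths', {})))))
"""

# Hardened body: the script is fixed text and the paths arrive via sys.argv.
HARDENED_SCRIPT = """\
import json, sys
def load_spec(path):
    with open(path) as fh:
        return json.load(fh)
old = load_spec(sys.argv[1])
new = load_spec(sys.argv[2])
print(json.dumps(sorted(set(new.get('paths', {})) - set(old.get('paths', {})))))
"""


def expand_like_bash(template, old_spec, new_spec):
    """Mimic bash parameter expansion inside double quotes: the value is pasted
    in verbatim, quotes included, and is not parsed again by the shell."""
    return template.replace("$OLD_SPEC", old_spec).replace("$NEW_SPEC", new_spec)


def run_vulnerable(old_spec, new_spec):
    """Equivalent of `python3 -c "<expanded script>"`; returns (rc, stdout)."""
    source = expand_like_bash(VULNERABLE_TEMPLATE, old_spec, new_spec)
    proc = subprocess.run([sys.executable, "-c", source],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout


def run_hardened(old_spec, new_spec):
    """Equivalent of `python3 - "$OLD_SPEC" "$NEW_SPEC" <<'PY' ... PY`: the
    quoted heredoc keeps the script literal; paths travel only as argv."""
    proc = subprocess.run([sys.executable, "-", old_spec, new_spec],
                          input=HARDENED_SCRIPT, capture_output=True, text=True)
    return proc.returncode, proc.stdout


def make_specs(directory):
    """Write two constructed minimal OpenAPI documents; return (old, new) paths."""
    old = {"openapi": "3.0.0", "paths": {"/pets": {}}}
    new = {"openapi": "3.0.0", "paths": {"/pets": {}, "/pets/{id}": {}}}
    paths = []
    for name, doc in (("old.json", old), ("new.json", new)):
        path = os.path.join(directory, name)
        with open(path, "w") as fh:
            json.dump(doc, fh)
        paths.append(path)
    return tuple(paths)


def crafted_name(real_path):
    """A filename that closes the Python string literal, evaluates an expression
    of the attacker's choosing (a harmless marker here) and re-opens the literal
    so the rest of the script still parses and the diff still succeeds."""
    return real_path + "' if print('INJECTED') is None else '"


def demo():
    """Run all four cases on the constructed specs; returns {case: (rc, stdout)}."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = make_specs(tmp)
        return {
            "benign_vulnerable": run_vulnerable(old, new),
            "crafted_vulnerable": run_vulnerable(crafted_name(old), new),
            "benign_hardened": run_hardened(old, new),
            "crafted_hardened": run_hardened(crafted_name(old), new),
        }


if __name__ == "__main__":
    for case, (rc, out) in demo().items():
        print(f"{case}: rc={rc} stdout={out!r}")
```

In the crafted vulnerable case the command exits 0 and prints the expected changelog, so nothing looks wrong, yet the injected expression ran first; the same crafted name given to the hardened command is just an unusual filename that fails to open. This is why the remediation is to move the paths out of the script text entirely rather than to filter characters: any escaping done in shell would have to anticipate Python's string grammar, whereas argv never reaches the parser.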
The command may fail or behave differently depending on the user’s local Python environment and installed packages.
The instruction-only skill relies on local Python and optionally PyYAML, while the registry metadata declares no required binaries or install spec. This appears purpose-aligned, but users may not realize the runtime dependency is external to the reviewed package.
Evidence (excerpt from the `diff` command):

```sh
python3 -c "
...
import yaml
...
except ImportError: print(f'Warning: PyYAML not installed, trying JSON parse')
...
"
```
Document python3 and optional PyYAML requirements in metadata or provide a safer, reviewed helper script with pinned dependencies.
