Construction PM

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: construction-pm
Version: 1.0.0

The skill bundle is highly vulnerable to command injection (Python code injection) across all its shell scripts (`add-job.sh`, `briefing.sh`, `init.sh`, `parse-email.sh`, `permit-check.sh`, `pipeline.sh`). User-controlled input, such as command-line arguments or email content, is directly interpolated into Python scripts executed via 'here documents' (e.g., `python3 << PYEOF`). An attacker could inject arbitrary Python code (e.g., `" + __import__('os').system('evil_command') + "`) into these interpolated strings, leading to arbitrary code execution on the host system. While the skill's stated purpose is benign, this critical vulnerability allows for remote code execution, classifying it as suspicious.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A malicious or unexpected email body could potentially run commands on the user’s machine through the parser.

Why it was flagged

The script reads email text and expands it directly into Python source inside an unquoted heredoc. A crafted email containing Python string terminators could escape the intended string and execute local Python code when parsed.

Skill content

EMAIL_TEXT=$(cat "$2")
...
python3 << PYEOF
...
email = """$EMAIL_TEXT"""

Recommendation

Do not parse untrusted emails with this version. Refactor the script so Python reads email content from stdin or a file path, and pass all values as data rather than embedding them into generated Python code.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A crafted job field supplied by a user, pasted content, or another agent step could cause unintended code execution while adding or updating a job.

Why it was flagged

Command-line fields such as customer and notes are inserted directly into Python source. Quotes, newlines, or Python syntax in those fields can break out of the intended string context.

Skill content

python3 << PYEOF
...
if "$CUSTOMER": job["customer"] = "$CUSTOMER"
...
if "$NOTES": job["notes"] = "$NOTES"

Recommendation

Pass arguments through environment variables, JSON files, stdin, or argparse, and let Python parse them as values. Avoid constructing Python code with shell-expanded user input.

What this means

The agent can add or update local construction job records, including statuses, values, notes, and permit information.

Why it was flagged

The add-job tool writes changes to the local job database, which is expected for a project-management tracker but can alter business records.

Skill content

data["jobs"] = jobs
with open(db_path, "w") as f:
    json.dump(data, f, indent=2)

Recommendation

Use confirmations for important updates, restrict DATA_DIR to the intended workspace, and back up the JSON database before relying on it operationally.

What this means

The skill may fail or behave inconsistently on systems that satisfy the declared requirements but lack python3.

Why it was flagged

The scripts invoke python3, while the provided requirements and skill.json declare only bash as a required binary. This is an under-declared runtime dependency.

Skill content

python3 << PYEOF

Recommendation

Declare python3 as a required binary in the skill metadata and installation requirements.

What this means

Local project and customer data will persist in the workspace and may be visible to anyone or any tool with access to that directory.

Why it was flagged

The documented database stores persistent customer, address, revenue, status, notes, and history information for reuse across future runs.

Skill content

Jobs are stored as JSON in `construction-pm-data/jobs.json`

Recommendation

Store the data directory in an appropriate private location, control workspace access, and avoid entering unnecessary sensitive customer details.