ordercli-security-advisory

Security advisory for OrderCLI — 2 high/critical issues found on 2026-05-07T09:15:31Z

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "ordercli-security-advisory" with this command: npx skills add terrycarter1985/ordercli-security-advisory

OrderCLI Security Advisory

Date: 2026-05-07T09:15:31Z

Summary

Audit of /root/.openclaw/workspace/ordercli found 2 high/critical issues.

  • 🔴 Critical: 0
  • 🟠 High: 2
  • 🟡 Medium: 2

Findings

  • 🟡 MEDIUM: Some CRUD-like functions lack visible auth checks — manual review recommended
  • 🟠 HIGH: JSON is loaded without schema validation (1 json.load(s) calls, 0 validators)
  • 🟡 MEDIUM: File operations without try/except error handling
  • 🟠 HIGH: orders.json contains 3 PII field(s) — ensure access is restricted

Recommended Actions

  1. Fix all critical issues before any production deployment
  2. Rotate any exposed credentials immediately
  3. Add input validation and parameterized queries
  4. Restrict file permissions on data files containing PII
  5. Re-run audit after fixes: ./run-audit.sh /root/.openclaw/workspace/ordercli

Auto-generated by run-audit.sh

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
