ordercli-security-advisory

Security advisory for OrderCLI — 2 high/critical issues found on 2026-05-07T09:15:31Z

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "ordercli-security-advisory" with this command: npx skills add terrycarter1985/ordercli-security-advisory

OrderCLI Security Advisory

Date: 2026-05-07T09:15:31Z

Summary

Audit of /root/.openclaw/workspace/ordercli found 2 high/critical issues.

  • 🔴 Critical: 0
  • 🟠 High: 2
  • 🟡 Medium: 2

Findings

  • 🟡 MEDIUM: Some CRUD-like functions lack visible auth checks — manual review recommended
  • 🟠 HIGH: JSON is loaded without schema validation (1 json.load()/json.loads() call, 0 validators)
  • 🟡 MEDIUM: File operations without try/except error handling
  • 🟠 HIGH: orders.json contains 3 PII field(s) — ensure access is restricted

Recommended Actions

  1. Fix all critical issues before any production deployment
  2. Rotate any exposed credentials immediately
  3. Add input validation and parameterized queries
  4. Restrict file permissions on data files containing PII
  5. Re-run audit after fixes: ./run-audit.sh /root/.openclaw/workspace/ordercli

Auto-generated by run-audit.sh

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
