← Back to Directory

Model Usage

Scanned on 2/7/2026

⚠️62/100medium

Script executes external commands and reads files with minimal input validation, presenting moderate security risks through command injection and path traversal vulnerabilities.

Trust Score
62/100
Risk Level
medium
Issues Found
5

Security Analysis

This script has moderate security concerns primarily around command execution and file system access. While it avoids shell injection by using shell=False and doesn't make external network calls, it has three main vulnerabilities: (1) The provider argument is passed to subprocess without validation beyond argparse choices, which could be bypassed if called programmatically; (2) The input_path parameter allows reading arbitrary files without path validation, enabling potential information disclosure; (3) No resource limits on subprocess output or stdin reading could lead to DoS. The script shows some security awareness with type checking and proper encoding, but lacks defense-in-depth measures. The code is incomplete (cuts off mid-argument definition), preventing full analysis of all input vectors. For production use, implement strict input validation, path sanitization, and resource limits.

Security Findings

high - code-execution

Subprocess execution with user-controlled provider argument without proper validation

Evidence:

cmd = ["codexbar", "cost", "--format", "json", "--provider", provider] subprocess.check_output(cmd, text=True)
Recommendation: Implement strict allowlist validation for provider argument before passing to subprocess. Use shell=False (already done) and validate provider against hardcoded list of allowed values before subprocess call.
medium - filesystem

Arbitrary file read through input_path parameter without path validation

Evidence:

with open(input_path, "r", encoding="utf-8") as handle: raw = handle.read()
Recommendation: Validate input_path to ensure it's within expected directories, resolve symlinks, and check for path traversal attempts (../, absolute paths). Consider using pathlib.Path.resolve() and checking against allowed base directories.
medium - code-execution

JSON parsing of external command output without size limits

Evidence:

output = subprocess.check_output(cmd, text=True) payload = json.loads(output)
Recommendation: Add timeout parameter to subprocess.check_output() and implement size limits on output before parsing to prevent resource exhaustion attacks.
low - filesystem

Unrestricted stdin reading without size limits

Evidence:

if input_path == "-": raw = sys.stdin.read()
Recommendation: Implement maximum size limit when reading from stdin to prevent memory exhaustion: sys.stdin.read(MAX_SIZE) with appropriate error handling.
info - other

Limited error context in exception handling may hide security issues

Evidence:

except Exception: return None
Recommendation: Log exceptions or provide more specific exception handling to aid in security monitoring and debugging.

✅ Good Security Practices

  • Uses shell=False in subprocess calls, preventing shell injection
  • Implements type checking on parsed JSON data structures
  • No use of eval() or exec() functions
  • No hardcoded credentials or API keys
  • No network calls to external endpoints
  • Uses text mode for subprocess output instead of binary
  • Proper encoding specified for file operations (utf-8)

Source Information

ClawHub Page:clawhub.com/skills/model-usage
Source URL:/opt/homebrew/lib/node_modules/openclaw/skills/model-usage
Code Size:10,517 characters
Semgrep Findings:0