openclaw-mission-control

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The agent fetches task descriptions and mentions from a local API, which serves as a potential vector for malicious instructions.
      • Ingestion points: lead-HEARTBEAT.md (Steps 1-4) and worker-HEARTBEAT.md (Steps 1-2) retrieve data using curl.
      • Boundary markers: Absent. The agent is instructed to "Review deliverables" or "Do the work described in the task" without explicit delimiters or safety warnings for the retrieved content.
      • Capability inventory: curl is used for network operations to localhost:8080 (GET, POST, PATCH).
      • Sanitization: None visible; the agent directly processes the output of the API calls.
  • Command Execution (SAFE): The skill uses curl to interact with http://localhost:8080. This is the primary intended purpose of the skill for task synchronization and does not involve executing remote scripts or accessing sensitive local files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM