auth-manager

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to store cleartext usernames and passwords within the auth-platforms.json configuration file, creating a central repository for sensitive credentials.
  • [DATA_EXFILTRATION]: The skill manages full Chrome browser profiles located in ~/.openclaw/chrome-profiles/. These directories contain cookies, session tokens, and localStorage data, which are highly sensitive and subject to exposure if the system is compromised.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands, including fast-browser-use, pkill, timeout, and jq, to automate browser interactions and manage system processes.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it captures and parses the Document Object Model (DOM) from external websites to identify 'indicators'. Maliciously crafted website content could potentially influence the agent's logic during this parsing step.
      (1) Ingestion points: DOM content captured via fast-browser-use snapshot in SKILL.md.
      (2) Boundary markers: None identified.
      (3) Capability inventory: Shell command execution via subprocess and process.write in SKILL.md.
      (4) Sanitization: No sanitization or escaping of website content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 02:13 AM