auth-manager
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill configuration file located at `~/.openclaw/auth-platforms.json` explicitly includes a `credentials` object designed to store `username` and `password` fields in plaintext. Storing sensitive authentication secrets without encryption or a secure vault presents a significant risk of credential exposure if the local file system is accessed.
- [COMMAND_EXECUTION]: The skill instructions involve the execution of various shell commands, including `pkill`, `mkdir`, `timeout`, and the `fast-browser-use` utility. These commands use string interpolation for platform IDs and URLs, which creates a risk of command injection if the source data for these variables is not strictly controlled. Furthermore, the `pkill` command uses a broad pattern matching `chrome.*--remote-debugging`, which may inadvertently terminate unrelated browser processes.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion point: The `fast-browser-use snapshot` command retrieves the DOM of external websites specified by `check_url` (e.g., in `auth-platforms.json`). Boundary markers: No delimiters or protective instructions are used to isolate the scraped content from the agent's logic. Capability inventory: The skill has the ability to interact with processes (`process.write`), manage files, and control browser sessions. Sanitization: No evidence of escaping or filtering of HTML content is present. An attacker could host a website that, when checked for status, provides malicious instructions to the agent within the DOM.
Recommendations
- AI detected serious security threats
Audit Metadata