inference-optimizer

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests broad shell access by instructing the user to allow high-privilege commands. SKILL.md and scripts/setup.sh suggest adding bash, rm, and find to the agent's execution allowlist (exec-approvals.json) to facilitate session purging and auditing.
  • [COMMAND_EXECUTION]: The skill workflow involves dynamic generation and execution of shell scripts. optimization-agent.md (Task 5) directs the agent to generate a deployment script that restarts system services and modifies configurations.
  • [DATA_EXFILTRATION]: The skill accesses and processes potentially sensitive files within the user's workspace. scripts/openclaw-audit.sh and optimization-agent.md are designed to read the full content of files like SOUL.md, USER.md, MEMORY.md, and openclaw.json, which may contain user data or system configurations.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection due to its data ingestion patterns.
      • Ingestion points: The agent reads untrusted data from various workspace files (e.g., MEMORY.md, USER.md) in optimization-agent.md Task 1.
      • Boundary markers: None identified. There are no delimiters or instructions to distinguish workspace content from agent instructions.
      • Capability inventory: The agent has the ability to execute shell scripts (via SKILL.md) and modify the filesystem (via optimization-agent.md Tasks 2 and 5).
      • Sanitization: None identified. The content of external files is not validated or escaped before being processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 10:14 PM