token-guard

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/token-guard.sh generates Python code at runtime using shell variable interpolation without sanitization. This occurs in functions like cmd_set_budget (using $daily_usd, $downgrade_model) and cmd_log (using $model, $source).
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses sensitive local files at $HOME/.clawdbot/clawdbot.json and $HOME/.openclaw/openclaw.json. These files are standard locations for storing LLM provider API keys and secrets.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The combination of dynamic Python execution and unsanitized input provides a vector for arbitrary code execution if script arguments are attacker-controlled.
  • [INDIRECT_PROMPT_INJECTION]: The skill's log function is an attack surface: it processes untrusted data through the vulnerable dynamic execution path.
      • Ingestion points: Command line arguments to scripts/token-guard.sh log.
      • Boundary markers: None.
      • Capability inventory: Local file access, Python execution, local network API calls via curl to change model configuration.
      • Sanitization: None.
  • [SAFE]: No obfuscation, persistence mechanisms, or direct prompt injection attempts were detected.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 06:59 AM